I am facing a problem with JAAS and EJB. I need some help.

We are into developing a J2EE product and should not use any native application
server api.

For security, i am using JAAS.

Client in our architecture is SWING application.
I have created LoginContext object in client and called the login method.
LoginModule configured authenticates the user in login method and updates the
subject in the commit method.

The next call is Subject.doAs(subject, egPreviligedAction).

In run method of egPrevilegedAction, i am making a call to business method of
a EJB.
In the business method of EJB, i am calling the sessionContext.getCallerPrincipal().getName()
method. (i have assigned the session context object to local variable in setSessionContext
the above method always returns the SimplePrincipal with Anonymous as the name.

I created an object of SimplePrincipal in the client and added the same to subject
and then called the doAs method.
Even now i am getting the Anonymous as the name for the principal.

I can't not use Weblogic WLUser or weblogic authenticate method, because it application
server specific classes.

Is there any configuration required at server DD where i mention the principal
class name
is there any configuration required at client side to mention this class.

NOTE: for adding the principal, i was getting the subject from loginContext.getSubject()
method. this returns me a valid subject.
When i called weblogic.security.Security.getCurrentSubject() - a static method,
i was expecting the subject in the jvm to be returned. i.e. in both loginContext.getSubject
and Security.getCurrentSubject method calls, i was expecting the same object to
be returned.
in the second case, Security.getCurrentSubject method throws NullPointerException.
(It is not returning null, the method call is throwing NullPointerException).

Is there any configuration required in the client security policy file for the
or is there any solution to my problem.

Faster reply is highly apreciated.