Details
Description
The result of getCallerPrincipal can be random depending on list order. Code has been reworked so that JAAS Implementations may annotate the principal implementations with @CallerPrincipal to tell the org.apache.openejb.spi.SecurityService which principal to return from getCallerPrincipal.
Annotation used instead of an interface so that JAAS LoginModules can avoid a mandatory runtime dependency on any OpenEJB libraries.