It tests the security feature of JavaEE service engine. JavaEE SE is used on consumer as well as on the provider side.
An EJB webservice is invoked by a servlet that requires authentication. This webservice method returns the caller principal associated with the invocation.
A temporary file user is created in this test.
Here is the invocation flow-
1. Standalone client invokes the servlet after passing proper user credential.
2. Apserver invokes the servlet with a Principal.
3. Servlet calls the EJB webservice.
4. EJB webservice returns the caller principal associated with the EJBContext.
5. Servlet sends the returned value of EJB webservice in the response.
6. Client checks whether the returned principal matches with the one it was invoked.