J2EE Container Manages Security

[Wes Hinkle <hi...@synovation.com>]

Has anyone had any experience integrating Axis services with WebLogic
container managed security?
I have a web service is called from an applet in the context of a Web
application. The user is authenticated by the Web tier. The service calls an
EJB and must return data based on the caller principle. getCallerPrinciple()
always returns 'guest'.
- I've tried configuring the web service to pass the sessionId with the
request by calling setMaintainSession(true) on the Call object and
configuring the scope of the service to 'Session'
- I've also tried putting a security constraint in Web.xml allowing the role
everyone access to the url pattern services/* (this broke connectivity to
the service)

Any suggestions would be greatly appreciated.

Wes