SecurityContext In Java EE 7 or earlier versions, other specfications, such as Servelt, EJB, JAX-RS, JAX-WS, etc. have their own specific APIs to query current security context. Servlet - HttpServletRequest#getUserPrincipal, HttpServletRequest#isUserInRole EJB - EJBContext#getCallerPrincipal, EJBContext#isCallerInRole JAX-WS - WebServiceContext#getUserPrincipal, WebServiceContext#isUserInRole JAX-RS - SecurityContext#getUserPrincipal, SecurityContext#isUserInRole JSF - ExternalContext#getUserPrincipal, ExternalContext#isUserInRole CDI - @Inject Principal WebSockets - Session#getUserPrincipal In Java EE 8, you can use the new SecurityContext introduced in Java EE Security 1.0 instead. A default implementation should be available at runime, you can inject it in CDI beans. @Inject SecurityContext securityContext; The new SecurityContext provides similiar methods with the one in other specfications. Principal getCallerPrincipal(); <T extends Principal> Se...