WebSphere provides an application security infrastructure that is transparent to the application developer. That is, the developer does not need to write security code, since security is handled at deployment and at runtime.
Having said that, when developing servlets and EJBs, there are a few security calls available if the developer wants greater control of what the end user is allowed to do than is provided by the infrastructure.
The EJB 2.0 specification defines two methods on javax.ejb.EJBContext that allow programmatic access to the caller’s security context:
java.security.Principal getCallerPrincipal() ...
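The following is an added example, not code from the original page or from WebSphere: a sketch of an EJB 2.0 session bean that uses getCallerPrincipal() for a per-record ownership check, the kind of decision the declarative infrastructure cannot express. The bean class, business method, exception type and sample data are all hypothetical.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

// Hypothetical EJB 2.0 stateless session bean; all names here are assumptions.
public class AccountServiceBean implements SessionBean {

    // Application exception: reported to the client without discarding the bean instance.
    public static class AccessDeniedException extends Exception {
        public AccessDeniedException(String msg) { super(msg); }
    }

    private SessionContext ctx;
    // Constructed sample data: account id -> name of the owning user.
    private final Map owners = new HashMap();

    // The container supplies the context; keep it to query the caller on each call.
    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }

    public void ejbCreate() {
        owners.put("ACC-1001", "alice");
        owners.put("ACC-1002", "bob");
    }

    // Deployment-time security decides who may invoke this method at all;
    // the check below decides which account instance this caller may read.
    public String getStatement(String accountId) throws AccessDeniedException {
        // Ask the container for the authenticated caller on every invocation;
        // never take the user name from a method parameter.
        Principal caller = ctx.getCallerPrincipal();
        String owner = (String) owners.get(accountId);
        // Same answer for "unknown account" and "not the owner", so account
        // ids cannot be enumerated through differing error messages.
        if (owner == null || !owner.equals(caller.getName())) {
            throw new AccessDeniedException("Access denied");
        }
        return "Statement for " + accountId;
    }

    // Lifecycle callbacks required by the SessionBean interface.
    public void ejbRemove() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}
}
```

The comparison assumes that Principal.getName() returns the bare user name; the actual format depends on the configured user registry, so normalise it before comparing against stored owner names.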