The only thing I want to chime in here is that JBossSecurityContext must not cross the wire. In fact it should not be serializable at all. It's more than just a security context and too heavy for remote usage.
Reply to this message by going to Community
Start a new discussion in PicketBox Development at Community