But putting @SecurityDomain(value = "formauth") results in re-authentication at EJB layer even if user principal is already authenticated at web layer. And it happens on each EJB call again and again!
Is this a desired behavior on Jboss because this doesn't happen on weblogic.