EJB run-as identity gets lost if an unsecured ejb in the call stack -------------------------------------------------------------------- Key: WFLY-8917 URL: https://issues.jboss.org/browse/WFLY-8917 Project: WildFly Issue Type: Bug Components: EJB, Security Affects Versions: 11.0.0.Alpha1 Reporter: Derek Horton Assignee: Darran Lofthouse Fix For: 11.0.0.Beta1 Attachments: SimpleEAR_EJB3.ear Having an unsecured EJB in the call stack will cause the RunAs identity to get lost. An example might look like this: unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin) This will fail as the unsecured ejb causes the RunAs identity to get dropped/lost.