[ https://issues.jboss.org/browse/WFLY-3313?page=com.atlassian.jira.plugin.... ] Juraci Paixão Kröhling edited comment on WFLY-3313 at 4/13/16 4:19 AM: ----------------------------------------------------------------------- Apparently, this is still happening. Using the [javaee7-samples' "websocket/endpoint-security"|http://blog.arungupta.me/securing-websockets-username-password-servlet-security-techtip49/] as base and using the following code, I get the proper user on the WS Session's principal and anonymous on EJB's session context. {code} @ServerEndpoint(value = "/websocket") @Stateless public class MyEndpoint { @SuppressWarnings("EjbEnvironmentInspection") @Resource SessionContext sessionContext; @OnMessage public String echoText(Session session, String text) { Principal sessionP = session.getUserPrincipal(); Principal p = sessionContext.getCallerPrincipal(); return text; } } {code} was (Author: juraci.costa): Apparently, this is still happening. -- This message was sent by Atlassian JIRA (v6.4.11#64026)