[ https://issues.jboss.org/browse/WFLY-11604?page=com.atlassian.jira.plugin... ]
Farah Juma commented on WFLY-11604:
-----------------------------------
{quote}
This does however leave the question once WildFly Elytron is activated regarding why the
EJBContext does not report the run as principal when the call reaches the second bean, I
suspect this may have been a decision during implementation as these run as scenarios were
discussed quite heavily but it is purely an EJB container issue and not a CDI issue.
{quote}
For JBEAP-9744, we updated {{EJBContext.getCallerPrincipal()}} so that when called from an
unsecured bean, an anonymous principal is returned. This was done to match PicketBox
behaviour for the Remoting -> EJB case.
For the EJB -> EJB case here with Elytron enabled (i.e., {{CallerWithIdentity -> BeanWithPrincipalFromEJBContext}}),
notice that {{BeanWithPrincipalFromEJBContext}} is an unsecured bean. So when
{{EJBContext.getCallerPrincipal}} is called, the
'anonymous' principal is currently being returned. However, if any security
metadata is added to this bean, then the 'non-anonymous' principal will be
returned. Since the 'non-anonymous' principal is returned for the legacy case, I
think we should get an issue created to see if there is a way to fix this for the Elytron
case without breaking the fix for JBEAP-9744.
Non-anonymous principal is not propagated from EJB context to CDI bean
----------------------------------------------------------------------
Key: WFLY-11604
URL: https://issues.jboss.org/browse/WFLY-11604
Project: WildFly
Issue Type: Bug
Components: CDI / Weld, Security
Affects Versions: 14.0.1.Final, 15.0.1.Final
Reporter: Nikoleta Žiaková
Assignee: Darran Lofthouse
Priority: Critical
This is a follow-up on WFLY-11587 which only dealt with being able to inject the
principal.
However, during testing I have tried a scenario in which the caller principal was not
anonymous (run-as-principal setting in jboss-ejb3.xml). See the test case in this
[commit|https://github.com/nziakova/wildfly/commit/9ae586ad0159e6399f65103...].
The principal is not propagated from the EJB context. The result is that the injected
principal in the CDI bean is always anonymous, although {{ctx.getCallerPrincipal()}} in
the EJB returns the correct principal.
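The EJB -> EJB -> CDI chain discussed in this issue, as an added illustration that is not the reporter's test case nor WildFly code. The bean names follow the comment above; the role name "app-role", the principal name "nonAnonymous" and the {{PrincipalHolder}} CDI bean are assumptions, and the three classes would normally live in separate source files.

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;

// First bean: @RunAs gives it a run-as role (assumed name); jboss-ejb3.xml then maps
// that run-as to a named principal instead of the anonymous one:
//   <s:security xmlns:s="urn:security:1.1">
//     <ejb-name>CallerWithIdentity</ejb-name>
//     <s:run-as-principal>nonAnonymous</s:run-as-principal>
//   </s:security>
@Stateless
@RunAs("app-role")
public class CallerWithIdentity {
    @EJB
    BeanWithPrincipalFromEJBContext target;

    public String[] call() {
        return target.principals();
    }
}

// Second bean: no security metadata at all. Per the comment above, with Elytron enabled
// EJBContext.getCallerPrincipal() returns 'anonymous' here because the bean is unsecured,
// while the legacy (PicketBox) case returns 'nonAnonymous'. Adding security metadata
// (e.g. uncommenting @PermitAll) makes the Elytron case return 'nonAnonymous' as well.
@Stateless
// @PermitAll
class BeanWithPrincipalFromEJBContext {
    @Resource
    SessionContext ctx;
    @Inject
    PrincipalHolder cdi;

    // Element 0: principal seen by the EJB container; element 1: principal injected into CDI.
    // WFLY-11604 reports that element 1 stays 'anonymous' even when element 0 is not.
    public String[] principals() {
        return new String[] { ctx.getCallerPrincipal().getName(), cdi.name() };
    }
}

// CDI bean (assumed) that injects the principal the same way the reporter's test does.
@RequestScoped
class PrincipalHolder {
    @Inject
    Principal principal;

    public String name() {
        return principal.getName();
    }
}
```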
--
This message was sent by Atlassian Jira (v7.12.1#712002)