EJB Security Context lost when doing cross context includes ----------------------------------------------------------- Key: WFLY-4166 URL: https://issues.jboss.org/browse/WFLY-4166 Project: WildFly Issue Type: Bug Components: EJB, Web (Undertow) Affects Versions: 8.2.0.Final Environment: SLES 12 Reporter: Jens Viebig Priority: Major I'm getting a javax.ejb.EJBAccessException: JBAS014502 Exception when doing cross context includes across two secured webapps calling a secured EJB. Imagine two Servlets ServletOne and ServletTwo. ServletOne is a basic servlet that only prints "OK" and ServletTwo that is a basic servlet that prints "EJB OK" if ejb method could be accessed and "EJB EXCEPTION" when the call fails. This is packaged into a war that is deployed on the server twice with different names "simple-webapp.war" and "simple-webapp2.war" The war also includes a jsp index.jsp: <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <p>/simple-webapp/ServletOne</p> <c:import url="/ServletOne" context="/simple-webapp"/> <p>/simple-webapp/ServletTwo</p> <c:import url="/ServletTwo" context="/simple-webapp"/> <p>/simple-webapp2/ServletOne</p> <c:import url="/ServletOne" context="/simple-webapp2"/> <p>/simple-webapp/ServletTwo</p> <c:import url="/ServletTwo" context="/simple-webapp"/> <p>/simple-webapp2/ServletTwo</p> <c:import url="/ServletTwo" context="/simple-webapp2"/> The Output is: <p>/simple-webapp/ServletOne</p> OK <p>/simple-webapp/ServletTwo</p> EJB OK <p>/simple-webapp2/ServletOne</p> OK <p>/simple-webapp/ServletTwo</p> EJB EXCEPTION <p>/simple-webapp2/ServletTwo</p> EJB OK It seems that a cross context call to another app was made, it is not possible to call secured ejbs in the same request from the first webapp. This does not affect new requests, only requests that do the cross context include.