Websocket Auth - Container is not aware of the Principal -------------------------------------------------------- Key: WFLY-3313 URL: https://issues.jboss.org/browse/WFLY-3313 Project: WildFly Issue Type: Bug Components: EJB, Security, Web (Undertow), Web Sockets Affects Versions: 8.1.0.CR1, 10.0.0.Final, 15.0.0.Final Reporter: Markus D Assignee: Stuart Douglas Priority: Major Attachments: websocket-different-principals-ejb-vs-socket.png, websocket-endpoint-security.war The Websocket is protected by the web.xml. The session object of the callback object correctly returns the principal. When an EJB is called the callerPrincipal is always anonymous. @Resource private SessionContext ctx; Principal callerPrincipal = ctx.getCallerPrincipal(); Running thread here: https://community.jboss.org/thread/240617 Shouldn't the principal be propagated to the EJB container when a websocket callback method triggered?