Lost user context in EJB @Remote inside ManagedBean

[edumartinsrib]

Hi!

I found a bug in the Jakarta EE10 version, regarding the use of beans with a remote interface. The new Jakarta EE 10 version is losing the context of the principal user when injecting a Bean with a remote interface. This error results in the loss of the context necessary for user permission validations, for example.

To Reproduce Inject the EJB with interface @Remote into any ManagedBean.

Expected behavior Maintain the user context in Beans annotated with @Remote.

OS: Linux Ubuntu Browser: Chrome/Firefox Version: 121.0.6167.160 / 122.0.1 App Server: Glassfish 6.1.0 / 7.0.12

[hberton]

I have the same problem

[douglasmartim]

I have the same problem, in Jakarta 9.1.0 with Glassfish 6.1.0 this problem does not occur, when upgrading the application to Jakarta 10 and Glassfish 7.x the security context is lost when I use remote interfaces injected into my managed beans.

[pzygielo]

This repository is for specification. From description and comments it seems that https://github.com/eclipse-ee4j/glassfish/issues/ would be better place for this report.