I'm in the process of developing a web application that will be comunicating with some ejb3 stateless session beans remotely. These session beans will be secured so only authenticated users can call them. Within the web app, I only want to create one initial context for looking up the beans on the back end, but I want each call to the back end to send back the principal and password of the person on the front end who is actually making the call. From all the examples I have seen, the security info is setup before creating the initial context (via some client side login module) and then all beans looked up via that context will propogate that security info to back end calls. Is there a way for me to have one global initial context and still be able to propogate different security info to the back end per call? Also, can I cache the remote session bean proxys and is there any benefit to doing this?