That looks like that you have a different security configuration in standalone and domain mode.
Or you did not have the correct user settings in domain mode
Thanks I'll run this by the Admin for the domain mode server and see if it shakes anything loose.
Let me know your findings
New information. The issue is not tied to Standalone vs Domain mode. The problem is occuring between EAP versions. The application runs fine on version 6.0.1, but breaks on version 6.1.1 and 6.2.0 . It appears to be tied to the ejb-security-interceptor feature that was added in 6.1.0 . The application is a legacy that was migrated from WebSphere 6.1 and uses EJB 2.1 .
At this point we're looking at what changed between versions 6.0.1 and 6.1.1 to see what has caused the application to stop working.
In that case I suppose the issue is the changed default behaviour.
Unsecured method inside a secured app are denied by default since EAP6.1.
You might add this to the ejb3 subsystem (example applies to domain mode):