I am using 2 way SSL and I have a servlet that calls and EJB method to get the user principal and roles and it works fine.  But I also have a thin client javascript (RAP) portion of code that the secuirty context does not get passed to the bean.  The client code (running in the server) is get a reference to the bean like this:

// first check to see if this code is running inside the WildFly container, as in the case of the thin client
try {

   beanCtx = new InitialContext();

   remote = (CommunicationBeanRemote) beanCtx.lookup("java:global/NetCentric/EJB/CommunicationBean");

} catch (NamingException ne) {

   if (beanCtx != null) {

   try {

   beanCtx.close();

  } catch (NamingException e) {

   //
   }

  }

}

if remote is not null, the method on the bean is invoked directly, if not the servlet interface is called which then calls the bean using normal RDI, which works great.  It is the call to the bean made with this lookup that doesn't work.  I have the audit logging turned on, and I can see the caller is authenticated and the roles fetched from LDAP, but the InitialContext here is not using that user security context.  Can someone tell me how I can force the security context of the caller into this "remote" context (which is not REALLY remote, just a bad variable naming)