I was playing around with the LoginInitialContextFactory which uses the SECURITY_* environment variables to initiate a JAAS login under the covers. Works great, except that when I close the InitialContext returned from this factory, the user stays logged in.
I can make additional calls to the EJBs even after the context is closed and the last principal is still logged in. Shouldn't the close method on the context execute a logout of the user?