The security context is a property of the call and has to be established every time. A LoginContext is just the mechanism used to associate the incoming security context with the container. You cannot share LoginContexts in a multi-threaded, multi-user environment like a server. The default behavior of the org.jboss.security.ClientLoginModule used by clients is to associate the security context globally across all callers, such that a single login affects all subsequent calls. This is still not sharing a LoginContext; it's simply relying on the side effects of the configured login modules having global semantics.
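The sketch below is an added example, not code from the original text: it establishes the security context for each call on the calling thread instead of relying on the global default. It assumes the JBoss client security jar is on the classpath and uses the `multi-threaded` and `restore-login-identity` options of ClientLoginModule, which the text above does not mention; `PerCallLogin`, `callAs` and the entry name `client-login` are hypothetical names.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class PerCallLogin {
    // Programmatic equivalent of a JAAS config entry for ClientLoginModule.
    static Configuration clientConfig() {
        Map<String, String> opts = new HashMap<>();
        opts.put("multi-threaded", "true");         // identity stored per thread, not globally
        opts.put("restore-login-identity", "true"); // logout() restores the prior identity
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "org.jboss.security.ClientLoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    // Establish the caller's identity for exactly one call, then drop it.
    static void callAs(String user, char[] password, Runnable securedCall)
            throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        // A fresh LoginContext per call; nothing is shared between threads or users.
        LoginContext lc = new LoginContext("client-login", null, handler, clientConfig());
        lc.login();
        try {
            securedCall.run(); // the secured invocation (e.g. an EJB call) goes here
        } finally {
            lc.logout();       // pooled threads must not keep the previous caller's identity
        }
    }
}
```

The `finally` block matters on servers with thread pools: without the logout, the next request handled by the same thread would run with the previous caller's identity.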