I am migrating some Java EE modules from Spring to EJB and are now facing the problem that I need some sort of pre-authentication prior to calling a service method. The problem is actually quite easy. A call comes in from an internal protocol handler (some thread started the proprietary protocol handler and received requests using a custom TCP protocol). Not this connection already authenticated the user and wants to call a service method next. This service method requires a principal information (user name) for processing. So in Spring we simply pushed the SecurityContext to the local thread and removed it when the call was done. Protocol Handler -> Set SecContext -> Call -> Remove SexContext -> End Is there anything similar to that in Java EE/JBoss? I know there are "@RunAs" constructs but I don't know if they can be used programmatically. Or is there a way to "log in" using the JAAS LoginContext class? But how do I configure JAAS then?