This definitely looks related to security.
I commented out the RolesAllowed and the call to do the programmatic login, so the example did not trigger any authentication. Calling multiple beans from multiple threads seemed to work just fine - I could not make it fail whereas I could do so easily with the security check in-place.
- Tim
[Message sent by forum member 'tjquinn' (tjquinn)]
http://forums.java.net/jive/thread.jspa?messageID=276373