coder1650
diff --git a/‎jaspic/ejb-propagation/pom.xml
+1-2 b/‎jaspic/ejb-propagation/pom.xml
+1-2
diff --git a/‎jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/servlet/PublicServletPublicEJBLogout.java
+56 b/‎jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/servlet/PublicServletPublicEJBLogout.java
+56
diff --git a/‎jaspic/ejb-propagation/src/test/java/org/javaee7/jaspic/ejbpropagation/PublicEJBPropagationLogoutTest.java
+62 b/‎jaspic/ejb-propagation/src/test/java/org/javaee7/jaspic/ejbpropagation/PublicEJBPropagationLogoutTest.java
+62
@@ -8,9 +8,8 @@
         <version>1.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
-    <groupId>org.javaee7</groupId>
+    
     <artifactId>jaspic-ejb-propagation</artifactId>
-    <version>1.0-SNAPSHOT</version>
     <packaging>war</packaging>
     <name>Java EE 7 Sample: jaspic - ejb-propagation</name>
 
 
@@ -0,0 +1,56 @@
+package org.javaee7.jaspic.ejbpropagation.servlet;
+
+import java.io.IOException;
+
+import javax.ejb.EJB;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.javaee7.jaspic.ejbpropagation.ejb.PublicEJB;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebServlet(urlPatterns = "/public/servlet-public-ejb-logout")
+public class PublicServletPublicEJBLogout extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @EJB
+    private PublicEJB publicEJB;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+        String webName = null;
+        if (request.getUserPrincipal() != null) {
+            webName = request.getUserPrincipal().getName();
+        }
+
+        String ejbName = publicEJB.getUserName();
+
+        request.logout();
+        HttpSession session = request.getSession(false);
+        if (session != null) {
+            session.invalidate();
+        }
+
+        String webNameAfterLogout = null;
+        if (request.getUserPrincipal() != null) {
+            webNameAfterLogout = request.getUserPrincipal().getName();
+        }
+
+        String ejbNameAfterLogout = publicEJB.getUserName();
+
+        response.getWriter().write("web username: " + webName + "\n" + "EJB username: " + ejbName + "\n");
+        response.getWriter().write("web username after logout: " + webNameAfterLogout + "\n" + "EJB username after logout: " + ejbNameAfterLogout + "\n");
+
+    }
+
+}
@@ -0,0 +1,62 @@
+package org.javaee7.jaspic.ejbpropagation;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+
+import java.io.IOException;
+
+import org.javaee7.jaspic.common.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.xml.sax.SAXException;
+
+/**
+ * This tests that the established authenticated identity propagates correctly
+ * from the web layer to a "public" EJB (an EJB without declarative role
+ * checking) and that after logging out but still within the same request this
+ * identity is cleared.
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@RunWith(Arquillian.class)
+public class PublicEJBPropagationLogoutTest extends ArquillianBase {
+
+    @Deployment(testable = false)
+    public static WebArchive createDeployment() {
+        return defaultArchive();
+    }
+
+    @Test
+    public void testProtectedServletWithLoginCallingEJB() throws IOException, SAXException {
+
+        String response = getFromServerPath("public/servlet-public-ejb-logout?doLogin");
+
+        System.out.println(response);
+
+        // Both the web (HttpServletRequest) and EJB (EJBContext) should see the
+        // same
+        // user name.
+
+        assertTrue(response.contains("web username: test"));
+        assertTrue("Web has user principal set, but EJB not.", response.contains("EJB username: test"));
+
+        
+        // After logging out, both the web and EJB should no longer see the user
+        // name
+
+        assertFalse(
+            "Web module did not clear authenticated identity after logout", 
+            response.contains("web username after logout: test")
+        );
+        assertFalse(
+            "EJB did not clear authenticated identity after logout", 
+            response.contains("EJB username after logout: test")
+        );
+
+    }
+
+}