HTTP 401 Unauthorized is output to access.log when accessed from an EJB client using EJB over HTTP

Solution Verified

Environment

Red Hat JBoss Enterprise Application Platform (EAP)

  • 7.3
  • 7.4

Issue

HTTP 401 Unauthorized is output to access.log only once when the server is accessed from an EJB client using EJB over HTTP.

10.0.2.2 - - [15/Aug/2022:20:47:30 +0900] "POST /wildfly-services/ejb/v1/invoke/-/ejb-remote-server-side/-/CalculatorBean/-/org.jboss.as.quickstarts.ejb.remote.stateless.RemoteCalculator/add/int/int HTTP/2.0" 401 77
        ...

Resolution

This is expected behavior. The HTTP 401 Unauthorized is caused by the EJB authentication process and only occurs once because the connection is cached and reused.

Root Cause

The ejb-remote application included in the jboss-eap-quickstarts can be used to reproduce the problem.

  1. Add a user and deploy the EJB application to the JBoss EAP server.

    $JBOSS_HOME/bin/add-user.sh -a -u 'quickstartUser' -p 'quickstartPwd1!'
    cd jboss-eap-quickstarts/ejb-remote
    mvn clean install wildfly:deploy
    
  2. Generate the EJB client module and execute it.

    cd jboss-eap-quickstarts/ejb-remote/client
    mvn package assembly:single
    mvn -Dhttp=true exec:exec
    

EJB over HTTP is used by adding the option -Dhttp=true when the EJB client is executed.

If you enable the Request Dumping Handler and check server.log, you will see that the first response, the HTTP 401 Unauthorized, returns a WWW-Authenticate header for DIGEST authentication.
In the following example, the nonce "AAAABAAAAvX+AhA1VniUOnq2tr6ubcslmZeNzJ4lwahDCP8yF/Az2hDrfN8=" is the digest information.

Digest realm="ApplicationRealm", nonce="AAAABAAAAvX+AhA1VniUOnq2tr6ubcslmZeNzJ4lwahDCP8yF/Az2hDrfN8=", opaque="00000000000000000000000000000000", algorithm=MD5, qop=auth

Then, for the second and subsequent requests, the EJB client sends an Authorization header containing the user name and digest information.

Digest username="quickstartUser", uri="http://localhost:8080/wildfly-services/ejb/v1/invoke/-/ejb-remote-server-side/-/CalculatorBean/-/org.jboss.as.quickstarts.ejb.remote.stateless.RemoteCalculator/add/int/int", realm="ApplicationRealm", nc=00000001, cnonce="KlqoBoaqYswb2uiVaRcWBkupjurkIF45vpTh-KJw", algorithm=MD5, nonce="AAAABAAAAvX+AhA1VniUOnq2tr6ubcslmZeNzJ4lwahDCP8yF/Az2hDrfN8=", opaque="00000000000000000000000000000000", qop=auth, response="1eb1faa16b0ed1aaf576508396e0bfe3"
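
The challenge/response exchange above, as an added Python example (not code from the original article or from JBoss EAP): it parses the challenge shown on this page and derives an Authorization header per RFC 2617 (MD5, qop=auth), which shows why the first request cannot carry credentials and has to be answered with a 401. The function names and the simplified server-side check are assumptions, and the response value is computed by this code rather than copied from the capture.

```python
import hashlib
import hmac
import re

# Values copied from the page's challenge, quickstart user and access.log line.
CHALLENGE = ('Digest realm="ApplicationRealm", '
             'nonce="AAAABAAAAvX+AhA1VniUOnq2tr6ubcslmZeNzJ4lwahDCP8yF/Az2hDrfN8=", '
             'opaque="00000000000000000000000000000000", algorithm=MD5, qop=auth')
USER, PASSWORD = "quickstartUser", "quickstartPwd1!"
URI = ("http://localhost:8080/wildfly-services/ejb/v1/invoke/-/ejb-remote-server-side/-/"
       "CalculatorBean/-/org.jboss.as.quickstarts.ejb.remote.stateless.RemoteCalculator/add/int/int")
CNONCE = "KlqoBoaqYswb2uiVaRcWBkupjurkIF45vpTh-KJw"

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header):
    """Parse 'Digest k="v", k2=v2' into a dict; values may be quoted or bare."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key: quoted or bare for key, quoted, bare in pairs}

def digest_response(p, user, password, method, uri, nc, cnonce):
    """RFC 2617 response for algorithm=MD5, qop=auth."""
    ha1 = md5_hex(f"{user}:{p['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{p['nonce']}:{nc}:{cnonce}:{p['qop']}:{ha2}")

def build_authorization(challenge, user, password, method, uri, nc, cnonce):
    """Client side: only possible after the 401 has delivered the nonce."""
    c = parse_digest(challenge)
    response = digest_response(c, user, password, method, uri, nc, cnonce)
    return (f'Digest username="{user}", uri="{uri}", realm="{c["realm"]}", nc={nc}, '
            f'cnonce="{cnonce}", algorithm=MD5, nonce="{c["nonce"]}", '
            f'opaque="{c["opaque"]}", qop=auth, response="{response}"')

def server_accepts(authorization, method, password, issued_nonce):
    """Server side (simplified assumption): recompute the response from the stored secret."""
    a = parse_digest(authorization)
    if a.get("nonce") != issued_nonce:      # nonce must be one this server issued
        return False
    expected = digest_response(a, a["username"], password, method,
                               a["uri"], a["nc"], a["cnonce"])
    return hmac.compare_digest(expected, a.get("response", ""))

if __name__ == "__main__":
    auth = build_authorization(CHALLENGE, USER, PASSWORD, "POST", URI, "00000001", CNONCE)
    print(auth)
    print("accepted:", server_accepts(auth, "POST", PASSWORD, parse_digest(CHALLENGE)["nonce"]))
```

Because the response depends on the server-issued nonce, a 401 that carries a Digest challenge and is followed by accepted requests is the handshake itself, not a failed login.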
