EJBAccessException .. WFLYEJB0364: Invocation on ... is not allowed authorization issue when client calling clustered EJB tries to use the local-receiver

Solution Unverified - Updated -

Issue

  • We have an EJB with @SecurityDomain and @RolesAllowed to secure an EJB that is deployed in a cluster and a client running on node1 that invokes the EJB. As it load balances, it will call node1, node2, etc. If the client specifies node1's host:port (i.e. localhost:8080), it will call node1, node1 and then fail with the exception below. If the client on node1 specifies node2 (localhost:8180), it will invoke node2, node1 and then fail with the error below.

It works when it is calling the remote+http destination, but it then tries to call the local-receiver, since it does not need to go over the network when the client and EJB are on the same node. So it is making a remote interface call but invoking on the local-receiver, and then it fails because there is no principal any more.

DEBUG [org.jboss.ejb.client.invocation] (default task-1) sendRequest: setting receiver, strong affinity = Cluster "ejb", weak affinity = None, remote destination is: remote+http://127.0.0.1:8080
...
DEBUG [org.jboss.ejb.client.invocation] (default task-1) sendRequest: setting receiver, strong affinity = Cluster "ejb", weak affinity = None, remote destination is: local:- 
...
ERROR [stderr] (default task-1) javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract org.jboss.as.quickstart.ejb.api.Response org.jboss.as.quickstart.ejb.api.StatelessRemote.invoke(org.jboss.as.quickstart.ejb.api.Request) of bean: StatelessEJB is not allowed
ERROR [stderr] (default task-1)   at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:134)
...
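
Added example (not part of the original article and not Red Hat code): a small log correlator that pairs each WFLYEJB0364 denial with the receiver the EJB client last selected on the same thread, to confirm that denials follow "local:-" selections rather than remote+http ones. It assumes DEBUG logging for org.jboss.ejb.client.invocation as in the excerpt above, and that the denial is logged on the thread that made the call; the sample lines and the name correlate() are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the log excerpt above (timestamps omitted).
SAMPLE_LOG = '''\
DEBUG [org.jboss.ejb.client.invocation] (default task-1) sendRequest: setting receiver, strong affinity = Cluster "ejb", weak affinity = None, remote destination is: remote+http://127.0.0.1:8080
DEBUG [org.jboss.ejb.client.invocation] (default task-1) sendRequest: setting receiver, strong affinity = Cluster "ejb", weak affinity = None, remote destination is: local:-
ERROR [stderr] (default task-1) javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract org.jboss.as.quickstart.ejb.api.Response org.jboss.as.quickstart.ejb.api.StatelessRemote.invoke(org.jboss.as.quickstart.ejb.api.Request) of bean: StatelessEJB is not allowed
DEBUG [org.jboss.ejb.client.invocation] (default task-2) sendRequest: setting receiver, strong affinity = Cluster "ejb", weak affinity = None, remote destination is: remote+http://127.0.0.1:8180
'''

# Receiver selection line: capture the thread name and the chosen destination.
DEST = re.compile(
    r"\((?P<thread>[^)]+)\) sendRequest: setting receiver.*"
    r"remote destination is: (?P<dest>\S+)")
# Authorization failure raised by the EJB AuthorizationInterceptor.
DENY = re.compile(
    r"\((?P<thread>[^)]+)\) javax\.ejb\.EJBAccessException: WFLYEJB0364:"
    r".*of bean: (?P<bean>\S+) is not allowed")

def correlate(log_text):
    """Return (denials, counts): every WFLYEJB0364 denial paired with the last
    receiver chosen on the same thread, plus how often each kind was chosen."""
    last_dest = {}        # thread name -> (kind, destination)
    counts = Counter()    # "local" / "remote" selections seen
    denials = []
    for line in log_text.splitlines():
        m = DEST.search(line)
        if m:
            kind = "local" if m["dest"].startswith("local:") else "remote"
            last_dest[m["thread"]] = (kind, m["dest"])
            counts[kind] += 1
            continue
        m = DENY.search(line)
        if m:
            # A denial with no earlier selection on its thread is "unknown".
            kind, dest = last_dest.get(m["thread"], ("unknown", None))
            denials.append({"thread": m["thread"], "bean": m["bean"],
                            "receiver": kind, "destination": dest})
    return denials, counts

if __name__ == "__main__":
    found, seen = correlate(SAMPLE_LOG)
    for d in found:
        print(f'{d["bean"]} denied on {d["thread"]} via {d["receiver"]} receiver ({d["destination"]})')
    print("receiver selections:", dict(seen))
```

If every denial reports the local receiver while remote+http selections on the same node succeed, the log matches the behaviour described in this issue.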

Environment

Red Hat JBoss Enterprise Application Platform (EAP) 7.4 Update 7
