In EAP 8 Beta there are two failures related to application security context handling the standalone Jakarta Security 3.0 TCK. The following TCK tests fail:

• https://github.com/jakartaee/security/blob/master/tck/app-securitycontext/src/test/java/ee/jakarta/tck/security/test/AppSecurityContextIT.java#L73
  • Calling SecurityContext#hasAccessToWebResource without specifying the HTTP method to test doesn't work. The HTTP method needs to be specified explicitly for now.

• https://github.com/jakartaee/security/blob/master/tck/app-securitycontext-customprincipal/src/test/java/ee/jakarta/tck/security/test/AppSecurityContextCallerPrincipalIT.java#L48
  • When using a custom principal, SecurityContext#getCallerPrincipal returns null.

The underlying issue for all the failures above is that the changes for WFLY-16858 were not ported to the EAP 8 Beta branch. This is not an issue upstream, so this will be resolved when the branch for EAP 8 GA is created.