WildFly is being updated to add support for authorization checks, this is based on the Subject most recently associated with the AccessControlContext.

As Remoting JMX is handling remote client requests the Subject of the remote client needs associating with the AccessControlContext.

No ThreadLocals are in use so at least don't need to worry about those but do need to worry about dispatching to different threads.

This will need to apply to all versions of the protocol - this is specifically a server side change but the remote side of the connection may be using the older protocol versions.