This case study by Ruwan Linton and Asankha Perera describes, a proof of concept for a government organization to expose two repositories (one that is accessible as an EJB and the other as a Web Service), as a single composite service to allow merging of the results in order to be sent to the caller removing any possible duplicates. This example shows the caller identity propagation through WS-Security, JAAS and HTTP Basic Authentication from the composite service to the EJB and Web Service, in addition tohow failures and timeouts can be handled within the ESB when returning results from the external repositories.
Here's the story: Geneva-CaseStudy.pdf [1]