Currently we are setting the component JNDI context, the thread context classloader, and the security info per web app in the handle method of a web app context subclass. This is wrong. This handle method is only called once from the socket listener. Dispatches to other servlets, in particular servlets in other web apps, do not go through this handle method again. Therefore the component context, transaction context, classloader, and security context are still those of the first web app accessed.
The solution appears to be to remove this code from the handle method and put it in enterContextScope and exitContextScope, public methods of Jetty's HttpContext. These methods are called by dispatchers when changing web apps.
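The difference between the two placements, as an added example that is not Jetty or Geronimo code: a simplified model in which a thread-local string stands in for the JNDI, classloader and security state. Every class name, the `scoped` flag, and the signatures given to `enterContextScope` and `exitContextScope` are assumptions made for illustration. The first run sets state only in `handle`, so the dispatched app B executes under app A's identity; the second run sets and restores it in the scope methods.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model, not Jetty or Geronimo code: all class names and the
// method signatures used here are hypothetical.
public class ContextScopeDemo {
    // Stands in for the per-thread JNDI, classloader and security state.
    static final ThreadLocal<String> CURRENT_APP = new ThreadLocal<>();
    static final List<String> LOG = new ArrayList<>();

    static class WebApp {
        final String name;
        final boolean scoped;   // false = state is set only in handle()
        WebApp(String name, boolean scoped) { this.name = name; this.scoped = scoped; }

        // Called once per request by the socket listener.
        void handle(WebApp dispatchTarget) {
            if (!scoped) CURRENT_APP.set(name);          // placement described as wrong
            Object old = enterContextScope();
            try {
                service();
                if (dispatchTarget != null) dispatchTarget.dispatch();
            } finally { exitContextScope(old); }
        }

        // Called by a dispatcher when the request crosses into this web app.
        void dispatch() {
            Object old = enterContextScope();
            try { service(); } finally { exitContextScope(old); }
        }

        Object enterContextScope() {
            String old = CURRENT_APP.get();
            if (scoped) CURRENT_APP.set(name);           // proposed placement
            return old;
        }
        void exitContextScope(Object old) {
            if (scoped) CURRENT_APP.set((String) old);   // restore the caller's state
        }
        void service() { LOG.add(name + " runs as " + CURRENT_APP.get()); }
    }

    public static void main(String[] args) {
        new WebApp("appA", false).handle(new WebApp("appB", false));
        CURRENT_APP.remove();                            // start the second run clean
        new WebApp("appA", true).handle(new WebApp("appB", true));
        LOG.forEach(System.out::println);
    }
}
```

Restoring the previous value in `exitContextScope` matters as much as setting it on entry: without it, code in app A that runs after the dispatch returns would continue under app B's state.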