The jboss-transaction dependency is due to a simple utility class that really should be in the common or some j2ee util. The LoginConfigInterceptor was a prototype to look at being able to introduce security configs by finding a login-config.xml in the deployment. Its obsolete for jboss5 and the vdf, and should in fact be a security config deployer in jbossas, not in the security project. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989827#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...