Do you have the latest jbosssx-client.jar from security 2.0.0.snapshot? That internally has the routing for SecurityAssociation to security context concepts. So your SecurityAssociation.xxx calls internally do the security context work. We are moving away from the security association usage. In theory, you should be doing a jaas login. If there are any specific tests that you want me to take a look at, please point them here. The security context usage over the old SA is an important step towards the future security project. I do not want to hold off any WS deliverables because of this new introduction. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041403#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...