I am not sure any SecurityDomain is getting created in the BCM. The way the BCM startService() is coded is: | if (securityDomainJndiName != null && jaasSecurityManagerService == null) | throw new DeploymentException("You must supply both securityDomainJndiName and jaasSecurityManagerService to use container managed security"); | | if (securityDomainJndiName != null) | securityDomain = (SubjectSecurityManager) new InitialContext().lookup(SECURITY_MGR_PATH | + securityDomainJndiName); | So basically there needs to be an injection of securityDomainJndiName. This is not happening at all. The test case I was peeking at was: | org.jboss.test.jca.test.SecurityContextUnitTestCase | Adrian's rant about the JCA security integration is here: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=124525 View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4111502#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...