[ https://issues.jboss.org/browse/WFLY-4043?page=com.atlassian.jira.plugin.... ] Brian Stansberry commented on WFLY-4043: ---------------------------------------- Have you asked about this on the forums? Setting up a security domain with a RealmDirect login-module and then having the security-realm use that JAAS security domain seems circular to me. I understand why there could be an issue here -- the quickstart counts on the fact that LoginContext will use the TCCL to load the login module class, and when the EJB call is made, the TCCL is the deployment's classloader, so the class is visible. It doesn't surprise me that the deployment classloader is not the TCCL when other call patterns are used. The basic solution to that would be to package the login module code in a module in the $WILDFLY_HOME/modules dir and use the "login-module" element's "module" attribute to specify the name of the module. But I'm not sure if you really want to package the login module class in the deployment, or if that's just something you're doing because the quickstart did it that way. -- This message was sent by Atlassian JIRA (v6.3.8#6338)