Hi, I'm currently working on a project where I have an ear with many beans (many of them are ejb2, some ejb3). The ejb3 have local-interfaces and they also act as webservice endpoints. These beans (the webservice-endpoints) are using container-managed security (jaas/@SecurityDomain). Then there are two other war's which are not incldued in the ear, mentioned above. These both also use container-managed security. The web-apps are accessing the business-logic using the webservice-endpoints. Now to my question: When I have logged in on Webapp A are the credentials automatically provided when accessing the webservice indirectly (SSO is configured for the whole Host.) or do I have to store the credentials in the session for reuse on all requests to the webserviceendpoints? Thanks for your help! Marc View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259540#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...