Thanks for your continued interest. I continued to research the problem and started with switching on logging for the jboss security package in log4j: <appender name="SECURITY" class="org.apache.log4j.FileAppender"> | <param name="File" value="${jboss.server.home.dir}/log/security.log"/> | <param name="Append" value="true"/> | <layout class="org.apache.log4j.PatternLayout"> | <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/> | </layout> | </appender> | | <category name="org.jboss.security"> | <priority value="DEBUG"/> | <appender-ref ref="SECURITY"/> | </category> When I ran the app I expected to see a security manager log entry for both of the security domains (or realms) i.e. SecureBankDomain and Example (the custom client login module policy name). However only the SecureBankDomain was logged: 2006-07-18 10:46:53,125 DEBUG [org.jboss.security.plugins.JaasSecurityManager.SecureBankDomain] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@501e4e 2006-07-18 10:46:53,125 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@1f5cc7d 2006-07-18 10:46:53,125 DEBUG [org.jboss.security.plugins.JaasSecurityManager.SecureBankDomain] CachePolicy set to: org.jboss.util.TimedCachePolicy@4430e2 2006-07-18 10:46:53,125 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@4430e2 2006-07-18 10:46:53,125 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added SecureBankDomain, org.jboss.security.plugins.SecurityDomainContext@e5590e to map View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958721#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...