sorry, this won't help you but I'm having the same problem. I can put the new credential in the securityassociation but new time the loginmodule is called still the old password in returned from the getCredential method. I even do a login logout and still the previous password is used In this case I have the problem with a change password call View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018816#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...