Victor, There are many options you can try. 1.) combine the "other" and "db_store" domains into one and use for webapp#1, webapp#2, and ejb. Thus if a user is not authenticated by DBSLM, the URLM will. 2.) Use a run-as role with the servlet 3.) Use EJB3.0. The ability to assign a security domain to a method of a bean is very usefull. Then you could have two accessors, one for each security domain. 4.)etc, etc, etc... I learned a long time ago, if I hit a brick wall trying to do something in JBoss, it is usually because it was the wrong way of doing it. enjoy, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959312#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...