Ok, finally I managed to work around this issue. I just removed the security-context away from the EJB's jboss.xml. Looks like just using the name of the application-policy as mentioned in [1] isn't the right way... But after this, I had a different (but possibly related?) problem. Instead of showing the login-dialog, I get an IllegalStateException on the console complaining about "Authorization Manager is null". If I remove the security-context from the jboss-web.xml, the dialog appears, but I didn't found a way to specify the correct login-configuration defined in conf/login-config.xml. A very basic example: WEB-INF/jboss-web.xml: | <jboss-web> | <security-domain>java:jaas/other</security-domain> | <context-root>helloworld</context-root> | </jboss-web> | WEB-INF/web.xml: | <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> | <display-name>HelloWorldWeb</display-name> | <welcome-file-list> | <welcome-file>index.jsp</welcome-file> | </welcome-file-list> | <security-constraint> | <web-resource-collection> | <web-resource-name>Everything</web-resource-name> | <url-pattern>/*</url-pattern> | </web-resource-collection> | <auth-constraint> | <role-name>somebody</role-name> | </auth-constraint> | </security-constraint> | <login-config> | <auth-method>BASIC</auth-method> | <realm-name>Some Realm</realm-name></login-config> | <security-role> | <role-name>somebody</role-name> | </security-role> | </web-app> | index.html: | <html><body>Hello World</body></html> | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4233922#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...