Hi, I was able to secure the 4.0.5GA web side fine with the getting started guide for 4.0.4. I am using the j2ee 7 tutorial and the additional jboss source. But when I add the <security-domain>java:/jaas/dukesbank</security-domain> element to jboss.xml for the ejb side I get an exception. 14:25:31,126 ERROR [LogInterceptor] EJBException in method: public abstract java.util.ArrayList com. sun.ebank.ejb.account.AccountController.getAccountsOfCustomer(java.lang.String) throws java.rmi.Remo teException,com.sun.ebank.ejb.exception.InvalidParameterException,com.sun.ebank.ejb.exception.Custom erNotFoundException: javax.ejb.EJBException: SecurityException. I don't see anything from the log file. This seems to be a Customer LocalHome findByPrimaryKey call. But this appears to be an unchecked method. Nothing I do seem to make any difference. I cannot understand why the problem does not show up when the other application-policy is being used but fails with a dukesbank application-policy for the ejb side of duke's bank. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025581#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...