Our app works great in production on AS 4.2.1. We are trying to migrate to AS 5.0.1. In the middle of a method in a session bean, it seems like it forgets the security domain. Even calling a create method on the local home of an EJB 2.1 which has already been called earlier in the method can cause the problem. It always occurs at the same point, but we can clear it by moving code up the method but then the problem occurs somewhere else such as calling some local interface method on an EJB that has already been instantiated. We are using a security domain with a custom login module. Here's the stack trace, Any ideas what's going on ? Thanks !! 2009-04-05 15:29:17,993 DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement] (ajp-192.168.11.4-8009-5) Creating SDC for domain=BYPASSED-SECURITY 2009-04-05 15:29:17,994 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.BYPASSED-SECURITY] (ajp-192.168.11.4-8009-5) CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@1ba7069 2009-04-05 15:29:17,994 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.BYPASSED-SECURITY] (ajp-192.168.11.4-8009-5) CachePolicy set to: org.jboss.util.TimedCachePolicy@12a38da 2009-04-05 15:29:17,994 DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement] (ajp-192.168.11.4-8009-5) setCachePolicy, c=org.jboss.util.TimedCachePolicy@12a38da 2009-04-05 15:29:18,024 ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] (ajp-192.168.11.4-8009-5) Failed to load users/passwords/role files java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186) at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200) ..................................................... at $Proxy326.getAccounts(Unknown Source) ........................................................... 2009-04-05 15:29:18,036 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] (ajp-192.168.11.4-8009-5) Error in Security Interceptor java.lang.SecurityException: Authentication exception, principal=gsmith at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:321) at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243) at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211) at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:134) at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81) at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205) at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138) at org.jboss.ejb.EntityContainer.internalInvoke(EntityContainer.java:533) at org.jboss.ejb.Container.invoke(Container.java:1029) at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:436) at org.jboss.ejb.plugins.local.EntityProxy.invoke(EntityProxy.java:65) at $Proxy326.getAccounts(Unknown Source) View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4223527#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...