I've just committed a change to cvs that will allow you to override the message key used for the login success/failure messages. I.e. if you don't want a message, set loginSuccessfulKey to an empty string, e.g. <security:identity authenticate-method="#{authenticator.authenticate}" | security-rules="#{securityRules}" | loginSuccessfulKey=""/> | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4020548#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...