Hi, We 're using JBAS 5.1.0 GA with JASS authentification in a EJB stateless client GUI standalone. At the server side we 're using a ClientLoginModule and a ServerLoginModule at the server side. We have a problem with the login/logout mechanism because each client can modify dynamically his password and when he exit we do a logout with the ClientLoginModule . The problem is the logout at the client side (ClientLoginModule ) doesn't call the 'logout' at the server side (ServerLoginModule ) and when the user reconnects at the first time he get this error : anonymous wrote : | java.lang.IllegalStateException: Security Context has not been set | at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:151) | at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) | at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186) | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4264339#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...