Hi Wolfgang,
yes I've enabled the security layer debugging. There is no more output on my JBoss
than what I've posted already. I don't know what you have expected.
After trying a simple Servlet application with WebAuthentication as described in the blog,
the same error "Caller unauthorized" comes up on the access of an EJB3 bean when
there is a @RunAs annotation.
So for now I continued with checking if the EJB3 context gets the user authentication
correctly.
Now I have tried to see what happens when I do a
| log.info(request.getUserPrincipal());
| log.info(request.getRemoteUser());
| log.info(request.isUserInRole("AdminUser"));
|
The results are:
| extern.michael.obster
| extern.michael.obster
| false
|
The conclusion from my point is that there are 3 possible errors:
1. The authentication gets lost, so the request doesn't know the role of the user.
2. The JAAS gets confused about which ID has to be used to get the role for the user.
3. The roles query has a wrong result.
After some debugging I found out that my roles query returns a result with some other
columns the JAAS system does not expect.
So correcting the roles query fixed my problem.
But thank you for your help. It was not useless, because I got some more knowledge of how to
debug the security layer ;-).
For people who have the same problem, check if your result from the roles query contains
the columns "name" (with the name of the role) and "role_group"!
Cheers,
Michael
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4261407#...
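
Added example (not part of the post above and not JBoss code): a pre-deployment check of a roles query's result shape, showing why extra columns make isUserInRole() return false. It assumes a DatabaseServerLoginModule-style login module that reads column 1 as the role name and column 2 as the role group; the user_roles table, its columns and both queries are constructed for illustration.

```python
import sqlite3

# Assumption: the login module reads each rolesQuery row by position, column 1 =
# role name, column 2 = role group, and only the "Roles" group feeds isUserInRole().
DEFAULT_GROUP = "Roles"

# Constructed queries: BROKEN returns extra leading columns, FIXED returns two.
BROKEN = "SELECT * FROM user_roles WHERE username = ?"
FIXED = "SELECT name, role_group FROM user_roles WHERE username = ?"


def build_sample_db():
    """Constructed in-memory schema and data (hypothetical table layout)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_roles (id INTEGER, username TEXT, name TEXT, role_group TEXT);
        INSERT INTO user_roles VALUES (1, 'extern.michael.obster', 'AdminUser', 'Roles');
    """)
    return db


def roles_seen_by_module(db, roles_query, username):
    """Map role group -> role names, reading the columns by position."""
    groups = {}
    for row in db.execute(roles_query, (username,)):
        name = str(row[0])
        group = str(row[1]) if len(row) > 1 and row[1] else DEFAULT_GROUP
        groups.setdefault(group, set()).add(name)
    return groups


def check_roles_query(db, roles_query, username, expected_role):
    """Return a list of problems; an empty list means the result shape is usable."""
    cols = [d[0] for d in db.execute(roles_query, (username,)).description]
    problems = []
    if len(cols) != 2:
        problems.append(f"expected 2 columns (role, role group), got {len(cols)}: {cols}")
    roles = roles_seen_by_module(db, roles_query, username).get(DEFAULT_GROUP, set())
    if expected_role not in roles:
        problems.append(f"{expected_role!r} missing from group {DEFAULT_GROUP!r}; "
                        f"module would see {sorted(roles)}")
    return problems


if __name__ == "__main__":
    db = build_sample_db()
    for label, query in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_roles_query(db, query, "extern.michael.obster", "AdminUser") or "OK")
```

With the broken query the user still authenticates, but the role set for the "Roles" group is empty, which matches the getUserPrincipal()/isUserInRole() output shown in the post.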