The easiest solution is often the most overlooked, at least with most of my mistakes. The problem was my jboss-web.xml. While I forgot to include it in the original post, it did have my desired security domain. However, it was not getting deployed in my .war file, hence why it would only hit the 'other' security domain. The next problem I ran across was caching of the authentication credentials/roles. I found this page on credential caching in JBoss which seems to have helped. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227887#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...