I wrote a new class that implements javax.security.auth.spi.LoginModule. I put an entry for it in login-config.xml. I made the class into a jar and put the jar in server/default/lib. It never seems to load. I changed the login-config.xml file and intentionally made the class name incorrect and that didn't throw any errors, so it seems like if it can't load the class it silently fails. Any idea what's going on? My login module is super-simple. All it does is send a log message when there is a login attempt. Surely there is a way to use a login module in JBoss? I don't want to go back to old-style security where I implement a password check on every single method in all of my session beans. I would love to use declarative security if it's possible. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4007718#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...