FarmerBeanRemote farmerBean = UserSession.getInstance(getShell().getDisplay()).getMasterDataServices().locateFarmerBean(); | try { | farmerBean.setAnything(this.actor, id); | } catch (Exception ex) { | throw new RuntimeException(ex); | } Obtaining of RAP client's user session: public static UserSession getInstance(Display display) { | return SessionAccessRunner.getUserSession(display); | } Bean lookup: public FarmerBeanRemote locateFarmerBean() { | try { | Object objRef = getInitialContext().lookup(FARMER_BEAN); | return (FarmerBeanRemote) PortableRemoteObject.narrow(objRef, FarmerBeanRemote.class); | } catch (Exception ex) { | throw new RuntimeException("Failed to lookup FarmerBean: " + ex.getMessage(), ex); | } | } The lookup does work, as well as using methods from that bean. Yet the injected SessionContext isn't aware of the login process. It is a RAP-Client (Rich Ajax Platform) deployed to JBoss. Practically it's running inside a JVM on the server. But any UI elements are rendered in an internet browser (using qooxdoo Javascript-Engine). It's RCP for the web browser. As far as I understand, a component called ServletBridge does this: "org.eclipse.equinox.servletbridge.http: Hooks back into the servlet bridge and proxies requests through to the servlet container to provide an OSGi Http Service." Via a webpage (login.html) before the RAP-Application starts, see web.xml above. Maybe this isn't all about JBoss Security, but has something to do with how RAP handles requests, as I found here: http://dev.eclipse.org/newslists/news.eclipse.technology.equinox/msg04603... View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4263004#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...