My conclusion so far: To do a login, first create an InitialContext using a plain old org.jnp.interfaces.NamingContextFactory as the initial context factory. On the server side, have a bean called "LoginCheck" or something, which takes a username and password as args, and returns boolean. On the client side, if that bean returns true, THEN it is time to create another InitalContext but this time using a JndiLoginInitialContextFactory, storing username and password credentials in it. Then everything is good to go. If this really is the only way to do it, that is retarded, and it's probably the fault of JAAS. No matter how powerful the thing is, if it doesn't provide a reasonably good way for clients to be able to log in and display back to the user, "your password was incorrect", the whole thing is junk. Yes it can be used, and I like the fact that I can put annotations on my beans to enforce roles on them, but how hard could it be to get this thing right? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4017481#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...