There are many ways to declare a securityDomain. The way I have implemented it is to put a MBean inside the conf/jboss-service.xml that looks something like this: | <mbean code="org.jboss.security.plugins.JaasSecurityDomain" | name="jboss.security:service=SecurityDomain"> | <constructor> | <arg type="java.lang.String" value="CertLogin"></arg> | </constructor> | <attribute name="KeyStoreURL">resource:key/esb.keystore</attribute> | <attribute name="KeyStorePass">*****</attribute> | <attribute name="TrustStoreURL">resource:key/esb.keystore</attribute> | <attribute name="TrustStorePass">*****</attribute> | <depends>jboss.security:service=JaasSecurityManager</depends> | </mbean> | In your case you would have to change CertLogin into secureDomain. You can also define your securitydomain using web.xml and jboss-web.xml just look at the jmx-console example in the Jboss WIKI. Hopes this helps! Regards, Hans View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259550#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...