Hi ragav, Yes I am using a java client, yes first the user will login to the system by accessing the secured subsystem and after that he can access any other subsystem without any authentication, that is my requirement. But, after successfull login when the user trying to use a unsecured subsystem and an ejb from this unsecured subsystem wants to access a ejb from the secured subsystem the call fails with the error Caused by: javax.security.auth.login.LoginException: Username not supplied. | at com.ibsplc.iRes.security.jboss.db.JDbLoginModuleImpl.throwLoginException(JDbLoginModuleImpl.java:322) | at com.ibsplc.iRes.security.jboss.db.JDbLoginModuleImpl.getUserName(JDbLoginModuleImpl.java:368) | at com.ibsplc.iRes.security.jboss.db.JDbLoginModuleImpl.login(JDbLoginModuleImpl.java:164) user - accessing secured ejb - internall calls LoginModule.login() login successfull - accessiing unsecured ejb - successfull - accessing a unsecured ejb, which calls secured ejb - failes So how this unsecured ejb can be enabled to call a secured ejb? I tried by defining the appropriate security-role-ref for the unsecured ejb also. But again the call from unsecured subsystem to the secured subsystem triggers the LoginModule.login() and the username is null; Is something wrong in my logic? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4174148#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...