is this a web app or a web service? if it is a webapp, have you connected the security handler ( in your code, "ldap-security") with the security-constraints in your app. there is documentation for doing this so i will not repeat it here. if it is a web service, make sure the end point knows about the security handler. if you are using EJB3 endpoints, you will need to add the @WebContext and @SecurityDomain annotations. if you are deploying it in a more traditional format, the xml descriptor files will need to be updated to include this linkage. == stanton View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4166720#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...