Ok. Logging into the application now works. The trick was to have the following lines in the jboss-web.xml: | <context-root>/</context-root> | <virtual-host>newhost</virtual-host> | I also had to move my .war file back into the deploy folder. What I noticed was that the class org.jboss.security.auth.spi.UsersRolesLoginModule never seemed to be called (by inspecting the server.log), if the above definition was not present. The only way to get that class to be called during application login ,was to have the war file in the <JBOSS_ROOT>/server/default/deploy folder. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4027272#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...