"nickarls" wrote : Could there be a non-required outjection somewhere that could overwrite it before the call? The applicationUser is @Out-jected only once, that is in the authenticator class, which has EVENT-scope and should not be called. @Name("authenticator") | @Scope(ScopeType.EVENT) | public class Authenticator implements Serializable { | | @Out(scope=ScopeType.SESSION) | private ApplicationUser applicationUser; | | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098225#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...