Hi, I am sucessfully using RunAsLoginModule so my custom LoginModule can access secured EJBs. The problem I am having is that in the case of incorrect username/password the RunAsLoginModule is not removing the principal it is creating so the 'Forms Based Authentication' thinks the login has worked, but the Principal has no roles so I get a 403 error rather than being sent to the loginError.jsp. The principal name is the incorrectly entered one. Is this how it is expected to work? Many Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046738#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...