Indy, I assume you have been checking out the jbosssx lib in source. This has an authorization manager class. Instead of calling the usually login(), you use the managers authenticate(), you can use this class as it look like it does alot of account setup. It also puts the user information into a cache, I'm thinking this is what is missing just a guess though at this point. Cheers View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4075525#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...