What about simply using a custom principal on server side, one that contains your user information? This works perfectly, even with stateless session beans, since the principal information is stored in the authentication cache between the server calls. You can easily access the custom principal via the SessionContext.getCallerPrincipal() method. more info on using a custom principal can be found on the wiki: http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingCustomPrincpalsWith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4134768#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...