Hi, This is my jboss-beans xml: <application-policy xmlns="urn:jboss:security-beans:1.0" name="lms-system"> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required" > <module-option name="dsJndiName">java:/lmsDS</module-option> <module-option name="principalsQuery"> select user_pass from admin_user where username=? </module-option> <module-option name="rolesQuery"> select role_name, 'Roles' from security_role where user_name = ? </module-option> <module-option name="hashAlgorithm">MD5</module-option> <module-option name="unauthenticatedIdentity">LMS_USER</module-option> <module-option name="hashCharset">UTF-8</module-option> <!--module-option name="password-stacking">useFirstPass</module-option--> <module-option name="hashEncoding">base64</module-option> </login-module> <policy-module code="org.jboss.security.authorization.modules.JACCAuthorizationModule" flag="required"/> <!--policy-module code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule" flag="required"/--> <!--policy-module code="org.jboss.security.authorization.modules.XACMLAuthorizationModule" flag="optional"/ --> </application-policy> <!--application-policy xmlns="urn:jboss:security-beans:1.0" name="test-domain2" extends="other"> <policy-module code="org.jboss.security.authorization.modules.XACMLAuthorizationModule" flag="required"/> </application-policy--> Client login code: securityClient.setSimple(userName, password.toCharArray()); // securityClient.setVmwideAssociation(true); securityClient.login(); context = new InitialContext(); later I then lookup with code: context.lookup(jndiName); This is the scurity audit log: 2009-03-30 18:29:06,672 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (WorkerThread#0[127.0.0.1:54686]:) [Success]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=123;method=findUserByName; 2009-03-30 18:29:06,883 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (WorkerThread#0[127.0.0.1:54686]:) [Error]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=Authorization Failed: ;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@1168524}:method=public za.gov.housing.domain.model.User za.gov.housing.ejb.service.UserServiceBean.findUserByName(java.lang.String) throws za.gov.housing.common.exception.SystemException,za.gov.housing.common.exception.ApplicationException:ejbMethodInterface=Remote:ejbName=UserServiceBean:ejbPrincipal=123:MethodRoles=Roles(,):securityRoleReferences=null:callerSubject=Subject: Principal: 123 Principal: Roles(members) :callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@1168524; my jboss.xml: <security-domain>java:/jaas/lms-system</security-domain> <!--unauthenticated-principal /--> <missing-method-permissions-excluded-mode>true</missing-method-permissions-excluded-mode> EJB: @Stateless @SecurityDomain("lms-system") public class UserServiceBean implements UserServiceRemote { @Override public User findUserByName(String name) throws SystemException, ApplicationException{ try { User user = userFacade.findByUserName(name); I get caller unauthorised exception View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222074#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...