You say anonymous wrote : role names are not too usable in our organisation.. A role doesn't necessary have to be something like 'manager', 'supervisor',... You can have your organization define an 'application type' role (i.e. YourApplicationName role) within LDAP that includes all the users you want to give access to your application to. Then, use that role in the auth-constraint section. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3981083#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...