Hi Steve, this is possible. JBoss security is configured through a file "login-config.xml", where you declare the login modules for security domains. There is an option for each of those configs whether the login module has to succeed or whether another module is used as fallback when it fails. You might start with the JBoss security FAQ: http://www.jboss.org/community/wiki/SecurityFAQ Sorry for my short reply, I don't have much more time now, but I am willing to help another day. Best regards Wolfgang View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4258193#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...