Thanks fpr your reply! anonymous wrote : | I believe that the login-config.xml file is loaded by the server, but actual SecurityDomain/SecurityManagers are not instantiated and bound in JNDI until they are needed. An example of when one would be needed is when an application specifically says, "I am using security domain x" at deploy time. | That is what I would have expected but this is not the case. While poking around some more I have finally figured out that the security domain is not instantiated at deployment time but on first access. Since some of the security domains are used internally they are visible in JNDI right after boot. Those that are configured but not used in the standard configuration are not visible until first use. Regards fhh View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3962600#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...