Kosmi, Thanks for the help. I think, as it turns out, the error described: 13:58:50,015 ERROR [UsersRolesLoginModule] was due to my login-config.xml being deployed in my application war WAS NOT CORRECT. I had to remove that file and place the application-policy definition inside of the containers login-config.xml at $JBOSS_HOME/server/default/conf/login-config.xml. Can anyone on the jboss team confirm that for me. I am 99% sure, but it may be a bug as the documentation says to put login-config.xml in your web.xml. Now back to the problem. I'm very close now, I think. I've got it calling my database. It fails every time but there are two scenarios: 1. I enter a bad UID and password on purpose and get this in the logs on DEBUG level" | 12:56:09,375 DEBUG [[localhost]] Process request for '/myauth/' | 12:56:09,375 DEBUG [[localhost]] Checking for SSO cookie | 12:56:09,375 DEBUG [[localhost]] SSO cookie is not present | 12:56:09,390 DEBUG [AuthenticatorBase] Security checking request GET /teenfit/ | 12:56:09,390 DEBUG [RealmBase] Checking constraint 'SecurityConstraint[myauth]' against GET / --> true | 12:56:09,390 DEBUG [RealmBase] Checking constraint 'SecurityConstraint[myauth]' against GET / --> true | 12:56:09,390 DEBUG [AuthenticatorBase] Calling hasUserDataPermission() | 12:56:09,390 DEBUG [RealmBase] User data constraint has no restrictions | 12:56:09,390 DEBUG [AuthenticatorBase] Calling authenticate() | 12:56:09,390 DEBUG [DatabaseServerLoginModule] Bad password for username=user | 12:56:09,390 DEBUG [AuthenticatorBase] Failed authenticate() test | 2. I enter a good UID and password and still don't get logged in, but the bad password message is no longer in the logs. Any ideas? | 12:56:01,062 DEBUG [[localhost]] Process request for '/myauth/' | 12:56:01,062 DEBUG [[localhost]] Checking for SSO cookie | 12:56:01,062 DEBUG [[localhost]] SSO cookie is not present | 12:56:01,062 DEBUG [AuthenticatorBase] Security checking request GET /teenfit/ | 12:56:01,062 DEBUG [RealmBase] Checking constraint 'SecurityConstraint[myauth]' against GET / --> true | 12:56:01,062 DEBUG [RealmBase] Checking constraint 'SecurityConstraint[myauth]' against GET / --> true | 12:56:01,062 DEBUG [AuthenticatorBase] Calling hasUserDataPermission() | 12:56:01,062 DEBUG [RealmBase] User data constraint has no restrictions | 12:56:01,078 DEBUG [AuthenticatorBase] Calling authenticate() | 12:56:01,078 DEBUG [AuthenticatorBase] Failed authenticate() test | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985568#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...