I'm facing the same problem as outlined in the following thread: http://jboss.org/index.html?module=bb&op=viewtopic&t=98307 I did not see any solution posted to this. Basically, an EJBAccessException is thrown once the destroy() method is called for Beans secured with @SecurityDomain. As the author of the thread explains, the thread calling "destroy" (which is initiated by the user logging out) has already expired the session, which probably results in null credentials and as such disallows the destroy call. Any suggestions?[/url] View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025405#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...