Are you referring to the booking example? The reason why it works in the example is because of this little bit of code in the AuthenticatorBean: @Out(required=false, scope = SESSION) private User user; when a user logs in the user entity is outjected to session scope, allowing it be used by other beans. When you think about it it makes sense that an exception is thrown, how can you inject the current user if they have not logged in yet? @In without create=true is basically saying that you want an initialized User injected, with create=true you are saying that you do not care if it has been initialized or not, you just want a user. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4091809#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...