Hi Nicole, what page is accessed when the 403 comes? It is probably part of the "secured_pages" directory? As this error 403 is coming, it seems that the user is authenticated, but the role mapping does not work as expected (though the log tells something different: "Assign user to role java"). Whenever I had read about this login module, the roles query always contained 'Roles', not 'roles'. Try to change the 'r' to upper case. But I don' think that this might be a reason. Is there anything special in your app? The console output shows this line "ControlFlag: Anmeldemodul-Steuerflag: required", and as it is german, it sounds like something non-standard ;-) Best regards Wolfgang View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227174#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...