Thanks for the reply, the deployment is taken from Anil's page which talks about EJB/WEB security. The nice thing about it is that it comes with the application rather than configured in the server. I changed my module configuration for authorisation to use DelegatingAuthorizationModule, and then added a restore-login property on the module and then it worked. I am still going to test it for multiple concurrent users. Zithuba View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222531#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...