Alternatively enable tracing on org.jboss.security and get the real exception. catch(LoginException e) | { | // Don't log anonymous user failures unless trace level logging is on | if( principal != null && principal.getName() != null || trace ) | log.trace("Login failure", e); | authException = e; | } View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4252711#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...