I solved my own problem. Here is for all that may face the same situation: The solution is that your webapp jboss-web.xml file should map the protected context as: | <?xml version='1.0' encoding='UTF-8' ?> | | <!DOCTYPE jboss-web | PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN" | "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd"> | | <jboss-web> | <context-root>/</context-root> | <!-- Uncomment the security-domain to enable security. You will | need to edit the htmladaptor login configuration to setup the | login modules used to authentication users. --> | <security-domain>java:/jaas/default</security-domain> | </jboss-web> | | and the login-config.xml should match that: | <application-policy name = "default"> | <authentication> | <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" | flag = "required"> | <module-option name="usersProperties">props/users.properties</module-option> | <module-option name="rolesProperties">props/roles.properties</module-option> | </login-module> | </authentication> | </application-policy> | | do a restart and then everything should work. Regards, George View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4149473#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...