Victor, It is doing what you have configured it to do. Webapp#2 is secured using the "other" security domain. So when a user attempts to access a secured resource (i.e. your servlet), the conatainer performs BASIC authentication via the UsersRolesLoginModule. Thus you have set some principal username, and string password in the x.properties files that is referenced by the URLM. This is successfully, and a principal is established. Well call this principal "admin". The servlet then tries to access ModerEJB. This bean is secured via the "db_store" security domain. So the databaseServerLoginModule is used to authenticate "admin". However, "admin" is not in the database so an LoginException is being thrown. The method is marked unchecked, but see Q 1 at http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959229#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...