Thank you very much. The goal was not to re-login when we access those remote service. But, I don't think there is an easy solution for that. For info, since the remote layer is completely private and not accessible outside our private network, I don't see any problem by not using security restriction. Of course, for public services, (Web, WS, and so on) we are going to use a strong security model. Thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4164039#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...