Hi, first step: add a "SecurityDomain" annotation to your ejbs: @Stateless | @org.jboss.ejb3.annotation.SecurityDomain(value="mysecuritydomain") | public class MyBean ... second step: edit the file "JBOSS_HOME\server\default\conf\login-config.xml" and add an entry "application-policy" for your security domain. A newer way of configuring it is found here: http://server.dzone.com/articles/security-features-jboss-510 How do you want to login? third step: see Security FAQ at http://www.jboss.org/community/wiki/SecurityFAQ, question 10 for a simply approach to application client login. Hope this helps Wolfgang View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4264624#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...