Thank's for your answer. Your help is precious. But I ask me some other questions. anonymous wrote : If you need to perform client-side authentication of users you would need to configure another login module in addition to the ClientLoginModule . I was first using LoginInitialContextFactory. Does this module perform client-side authentication ? If not, can you send me a piece of code that does perform client-side authentication ? anonymous wrote : | So if you are using isCallerInRole in your EJB, you will require a *authenticated* user, in which case you will require a additional login module which will do the authentication(as mentioned in the quote above) | You mean that all code found on the internet does not authenticate ? I can'et believe thsi because all are talking about login and password. Are you sure I need another module client side ? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974330#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...