Hello, Jaikiran! First of all, I'm sorry for the delay in replying to your post. That was because I almost don't use internet on weekends, and even though I used it I couldn't do anything to answer your post as all my environment to test the application is set where I work. Second, thank you very much for your detailed explanation about what could be happening in my application. Thank you for having the patience to produce tests to simulate what could be wrong. When you asked me if I was securing my application I didn't realised that you could be talking about something like the @RolesAllowed and @SecurityDomain annotations. I said I was using jboss.xml, but I wasn't. I was meaning jboss-web.xml. That was just a typographical error I made. When I make the changes to secure the application (applying the annotations above) the application worked correctly as your tests showed. Indeed, I was going to really secure that application, but I hadn't done that yet because I thought that it would have not changed anything related with the authentication method that we were using. So, now when I supply I user with the correct role, it can call the right bean methods, otherwise an security exception is throw. So, once again, Jaikiran, thank you very much for your patience and answers in this discussion to solve the problems that I was having with my desktop application. As I said, that was of paramount importance to me. Marcos View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4162824#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...