I am experiencing a similar (identical?) bug that was reported in http://jira.jboss.com/jira/browse/JBAS-1852?page=com.cenqua.fisheye.jira:... and reported fixed in JBoss 4.0.3. I access a session bean twice from the web tier, as an unauthenticated user. The session bean function is basically a wrapper to ctx.isCallerInRole(roleName). On the second time that function is called I get javax.security.auth.login.FailedLoginException: No matching username found in Principals On the first call, there is no problem. Setting the unauthenticatedIdentity option does not help. I have tried both 4.0.4GA and 4.0.5GA and the problem is still there. I wanted to do a sanity check before filing a JIRA report. Any comments? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023301#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...