Hi! Thank you for your response! As I mentioned only textual to spare the reader some extra code quotations, the dbAccess.athenticate(...) methode is executing a native SQL query through the injected EntityManager (@PersistenceContext private EntityManager em;): | <..snip - just constructing the Strings used in the following ..> | Query q1 = em.createNativeQuery("select * from login ( :username, :password, :clientIP, :zopeId, :userAgent, :host);"); | q1.setParameter("username", username); | q1.setParameter("password", password); | q1.setParameter("clientIP", clientIP); | q1.setParameter("zopeId", zopeId); | q1.setParameter("userAgent", userAgent); | q1.setParameter("host", host); | Object res = q1.getSingleResult(); | log.debug("Got result from login: "+Arrays.toString((Object[])res)); | Long accountId = ((BigInteger) ((Object[])res)[0]).longValue(); | String token = (String) ((Object[])res)[1]); | return (accountId != null && token != null); | Also I've tested that the method - it is returning solely true or false whether the user could be authenticated or not - no exceptions are thrown. Additionally the authenticator.authenticate() method is called twice even if I don't call dbAccess.authenticate() but return "false" every time. Best Regards, Kurt View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098244#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...