In fact that's what I ended up doing and it worked fine in JBoss 4.02. But in 4.04 and 4.05, I was getting 'No role found' error from 'JBossSecurityMgrRealm'. And, I fixed that one by using a <role-name>*</role-name> in the applicaitons 'web.xml'. It works for me as I am not authenitcating against any domains. The applicaiton is open for all the authenticated domain users. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989567#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...