As per the documentation of ClientLoginModule (http://wiki.jboss.org/wiki/Wiki.jsp?page=ClientLoginModule) : anonymous wrote : Note that this login module does not perform any authentication. It merely copies the login information provided to it into the JBoss server EJB invocation layer for subsequent authentication on the server. If you need to perform client-side authentication of users you would need to configure another login module in addition to the ClientLoginModule . So if you are using isCallerInRole in your EJB, you will require a *authenticated* user, in which case you will require a additional login module which will do the authentication(as mentioned in the quote above) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3973799#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...