anonymous wrote : 2006-10-25 21:10:19,625 ERROR [STDERR] Debug: AccountControllerBean getAccountsOfCustomer | 2006-10-25 21:10:19,625 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200 | 2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170] | 2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121 | 2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true | 2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true | 2006-10-25 21:10:19,635 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject: | Principal: 200 | Principal: Roles(members:bankCustomer) | , sc=org.jboss.security.SecurityAssociation$SubjectContext@15651df{principal=200,subject=1655982} | 2006-10-25 21:10:19,635 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@15651df{principal=200,subject=1655982} | 2006-10-25 21:10:19,635 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] doesUserHaveRole(Set), subject: Subject: | Principal: 200 | Principal: Roles(members:bankCustomer) | | 2006-10-25 21:10:19,635 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] roles=Roles(members:bankCustomer) | 2006-10-25 21:10:19,635 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] hasRole=false Looking at the logs the user has been authenticated successfully but he does not have the necessary roles to use the getAccountsOfCustomer method. In your ejb-jar.xml check what role is required to access this method. The you will have to login with that username/password to be able to successfully invoke this method. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980885#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...