Hi Pablo, the security domain has to be declard in jboss-web.xml if you want to use it, otherwise the security constraints in web.xml will not trigger your login module. It could look like this: <?xml version="1.0" encoding="UTF-8"?> | <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd"> | | <jboss-web> | <security-domain>java:/jaas/mysecuritydomain</security-domain> | <context-root>...</context-root> | ... | </jboss-web> For JBoss login modules, you should take a look at the JBoss guide: http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html#ch8.cu.... There you will find a small sample. If you speak german you can find a working sample here: http://www.informatik.fh-wiesbaden.de/~knauf/SWTVertiefung2006/security/i... Hope this helps Wolfgang View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060885#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...