I added a custom login module to debug this problem. It seems that the user and password are never passed to the login module. | public boolean login() throws LoginException { | logger.info("Login"); | NameCallback nameCallback = new NameCallback("User Name"); | PasswordCallback passwordCallback = new PasswordCallback("User Password", false); | Callback[] callbacks = new Callback[2]; | callbacks[0] = nameCallback; | callbacks[1] = passwordCallback; | logger.info("Configured callbacks"); | try { | logger.info("Handling callbacks"); | callbackHandler.handle(callbacks); | logger.info("Handled callbacks"); | } catch (UnsupportedCallbackException ex) { | ex.printStackTrace(); | } catch (IOException ex) { | ex.printStackTrace(); | } | String userid = "default"; | String password = "default"; | userid = nameCallback.getName(); | password = new String(passwordCallback.getPassword()); | logger.info("Processed callbacks"); | passwordCallback.clearPassword(); | logger.info("Attempt to login with :"+userid+" and "+password); | JAASUser user = new JAASUser(1,userid); | JAASRole role = new JAASRole("friends"); | subject.getPrincipals().add(user); | subject.getPrincipals().add(role); | return true; | } | I am still a little confused on where I am supposed to configure which Principal implementation is a User or a Role. I also tried adding a WebContext, but this resulted in a The request failed with HTTP status 401: Unauthorized. error without invoking the Login Module. Removing the WebContext annocation resulted in the Login Module being called, but without User / Password. @WebContext(authMethod = "BASIC", transportGuarantee="NONE", secureWSDLAccess = false) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098385#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...