I have specified the loginModule to use via @SecurityDomain(value="THZone") in my bean. I have also configured the login module in login-config.xml as shown below. I am not able to log in and authenticate, but the roles are not passed through. Where can I configure how the roles are obtained. @RolesAllowed("friends") or System.out.println("Principal is a friend :"+context.isUserInRole("friends")); Currently don't seem to work. I also tried to implement my own login module return my own implementations of Principal and had the same problem as using the org.jboss.security.auth.spi.UsersRolesLoginModule on. The results are that the principal is passed through and accessible through the context, but the roles are not. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098717#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...