Summary: Broken servers seem to be having issue forwarding unauthenticated POST requests. Forwarded POST request done by Vaadin client side initialization somehow becomes GET request when it arrives to VaadinServlet -> FAIL. Possibleworkaround is to use 307 redirect. More details at: https://github.com/mstahv/vaadin-cdi-jaas-jbossas-example I've asked the user to file a bug for tracking purpose. Any suggestions in the mean while ? Arun -- http://blog.arungupta.me http://twitter.com/arungupta