Try marking them as transient:

    private transient String password;

Such fields will not be serialized.

View the original post: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169325#4169325

Reply to the post: http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4169325
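The behaviour described in the post above, as an added example that is not part of the original post: it serializes an object with Java's default serialization, checks the raw stream for each field value, and reads the object back. The `Account` class, its field names, and all values are hypothetical and constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class TransientDemo {
    // Hypothetical class; one ordinary field and one transient field.
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        private String displayName;          // written to the stream
        private transient String password;   // skipped by default serialization

        Account(String displayName, String password) {
            this.displayName = displayName;
            this.password = password;
        }
    }

    // Returns true if needle occurs anywhere in haystack.
    static boolean contains(byte[] haystack, String needle) {
        byte[] n = needle.getBytes(StandardCharsets.UTF_8);
        outer:
        for (int i = 0; i <= haystack.length - n.length; i++) {
            for (int j = 0; j < n.length; j++) {
                if (haystack[i + j] != n[j]) continue outer;
            }
            return true;
        }
        return false;
    }

    public static void main(String[] args) throws IOException, ClassNotFoundException {
        // Constructed sample values.
        Account original = new Account("constructed-plain-value", "constructed-secret-value");

        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(original);
        }
        byte[] stream = buf.toByteArray();
        System.out.println("displayName in stream: " + contains(stream, "constructed-plain-value"));
        System.out.println("password in stream:    " + contains(stream, "constructed-secret-value"));

        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            Account copy = (Account) in.readObject();
            // Transient fields come back as their default value (null for String).
            System.out.println("password after read:   " + copy.password);
        }
    }
}
```

The `transient` keyword only governs default Java serialization: a custom `writeObject` method can still write the field explicitly, and code that reads the object back must be prepared for the field to be `null`.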