Ok, could be that the LoginModule de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule you are using is not building an authenticated Subject the way JBoss is expecting it.
I'd suggest you to change the debug level of the org.jboss.security.auth.spi package to TRACE. With this you will be able to see more details about whats happening in the Login Module. Would be usefull if you make a followup with it. Another thing: In your web tier if you do a 'request.getUserPrincipal()' what is the result ? Do you get 'null' or a valid Principal ? If you get 'null' here don't expect the Security Manager in your EJB tier, to know which is the username to be used when invoking the login module. Regards. Gianluca. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3853132#3853132 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3853132 ------------------------------------------------------- This Newsletter Sponsored by: Macrovision For reliable Linux application installations, use the industry's leading setup authoring tool, InstallShield X. Learn more and evaluate today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/ _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user