I managed to eliminate the logout problem; it was a misconfiguration within my web.xml file. The web page calling the EJB method was not within the restricted area any more, that's why a logout was performed.
Now the first EJB method call is successful, but as soon as I want to start a second call, the login page (declared in web.xml) is presented again. The user has to authenticate himself for every call, the principal/subject-information seems to get lost after every EJB call. I'm using JavaServer Faces, with lots of backing beans, and most of them have to perform some EJB calls --> how do I manage to pass the security information along to keep the authentication? Any help would be really appreciated. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3848531#3848531 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3848531 ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user