Hi,
now it works well.
We found out that our mistake was that we did not secure our EJB methods with a
@RolesAllowed(value = { "myrole"})
annotation. So the programatic login modul did collect our credentials but there was no need to use them as the ejb was "open" for ANONYMOUS.
We did look over this because our web modul have defined such a security level inside the web.xml
thanks for your help
Raph
[Message sent by forum member 'rsoika' (rsoika)]
http://forums.java.net/jive/thread.jspa?messageID=216491