did you use ClientLoginModule in your client app?
Yes, here's my auth.conf:
sorry, i meant the jboss ClientLoginModule
I can not see from here if your be.ac.rug.security.loginmodules.ClientLoginModule is implemented correctly.
Why don't you just use the jboss ClientLoginModule?
I just tried using the jboss ClientLoginModule, but the problem is still there.
The reason we're using a custom ClientLoginModule is because we need a username, password and pin-code to log in.
OK, i found the problem, the login-config on the server had the wrong login module.
Let me clarify this: using your own custom login module is ok, but in a client application (i.e. a different VM) you should combine your own custom login module with JBoss' ClientLoginModule. The last will take care of associating proper security credentials with any thread that is calling an EJB. If you are not using this module, you might get such behaviour as you described: the login succeeds, but subsequent calls fail with a security exception.
Hope this helps...