recentlly I try the EJB3.0. I met a problem. I use the org.jboss.security.auth.spi.DatabaseServerLoginModule as login-module. I store the user and role information in a mysql database. I dynamic assign a role to a user by changing the database. The jboss security system do not take effect right now until I rebooted the jboss server.