Thank you for reply. Here your example is valid when invoking a remote EJB method. But my problem is when logging in a custom login module if i throw an exception to client, jboss-remoting api absorbs that exception and client gets a generic exception. So your example could work after login to login module.
Ah, I think I see. So it's the LoginModule exception at the point of establishing a remoting connection that gets thrown away?
What I do is use a single "magic" username and password purely for establishing the connection (and a security-realm specifically for that). That allows the connection to be established in a simple way. And then I have a security-domain for my EJBs, which uses my custom login modules. The EJB credentials are passed using an EJB Client interceptor and picked up by the container interceptor, as described in that security quickstart I mentioned earlier.
Hope this helps - I do agree though that this is not as easy as it should be!