I'm working on an ejb3 application with an web-frontend wich is located on an external tomcat. When I use the ClientLoginModule in a test-Client there is no problem, but when I try to use it in a security-constraint in the web-app always the declared error-page is shown. I've read in the doc the ClientLoginModule only stores the username and password for use within an request to an ejb. When I'd like to use it this way (as I described above) do I have to implement my own LoginModule or is it possible to use the ClientLoginModule? Or is there an already existing implementation for this usecase?