Hi, We would like to have all the (anonymous) users of a web app authenticated with the same principal (the web app "owner") to the EJB tier. Our problem is that the fact that web users are unauthenticated seem to propagate to the EJB tier. We're using Weblogic 5.1. Users are serviced by a session statefull EJB. We set up the EJB when the user first accesses the application : user and password are set in the JNDI context and subsequent method calls on the EJB corresponding to the same HTTP request are authenticated. However, when the servlet accesses its session EJB on the 2nd hit, it won't be authenticated. Any ideas ?