It's no longer obvious that a user named "quickstartUser" with password "quickstartPwd1!" and "guest" role needs to be added before attempting to run the ejb-security quickstart. This should be made more clear.