thanks for that Scott, I was hoping that wouldnt be the conclusion. A collegue of mine suggested another solution:
"Use declarative security in the web tier (FORM) and once logged in the principal details are available in the EJB tier" Aparantly it was not with JBoss but the container login called JAAS automatically. It sounds like the ideal solution but I guess it depends on the container implementation. I am gonna try it tonight but is there any reason why if I did a FORM authentication it would be propagated to the EJB. Lea. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3848018#3848018 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3848018 ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user