JBoss will provide security context only on protected web resources access, declared in the web.xml file. If you request a public resource, even if you previously authenticated yourself, the principal associated to the request will be 'null'.
I'd suggest you check this by changing your security constraints in the web.xml in the following way : ... <security-constraint> <!-- Sample Security Constraint --> <web-resource-collection> <web-resource-name>LoginFilterTestCollection</web-resource-name> <url-pattern>/*</url-pattern> <http-method>HEAD</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> ... This means that the complete web application if protected. If you try to access any uri associated with such web application, you should be redirected to the login page. Once authenticated, each time you try to access any resource associated to your web application, the principal should always be available. Regards, Gianluca. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3853346#3853346 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3853346 ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user