You could use a database or ldap server login module instead - the password in the database or ldap could be encrypted. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4213167#4213167 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4213167