Hello I wrote custom Authenticator Valve which extends BaseAuthenticator. We have some legacy stuff... I also have jboss-web.xml which reference this custome Valve and the Configured Security Realm in AS7. Every thing is working fine, but only if I put in web.xml <auth-method>CLIENT_CERT</auth-method> when I put <auth-method>CLIENT-CERT</auth-method> My custom Valve is never called. I see in Jboss AS7 stdout message about "no security constrain". With CLIENT_CERT it works.... Mabe someone can give me a hint what I'm missing... I wonder why I need CLIENT_CERT instead of CLIENT-CERT.... Radek Rodak