actually this is what one would expect. JACC mandates a context switch only if you go in an EJB component. Nothing is specified for request dispatch. When you request dispatch from portal or WSRP to the portlet application there is not context switch. In order to configure isUserInRole behavior of the portlet, you should look at what the spec defines. You can create security role refs in portlet.xml and also provide aliases for roles that have been loaded during the authentication against the portal. | <portlet> | ... | <security-role-ref> | <role-name>Admin</role-name> | </security-role-ref> | </portlet> | will enable the Admin role to be mapped to the Admin role provided by the login against portal or | <portlet> | ... | <security-role-ref> | <role-name>Admin</role-name> | <role-link>PortalRole</role-name> | </security-role-ref> | </portlet> | same but provide one level of indirection View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4031823#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...