1) This question should go to the user forum.... 2) Yes its the expected behavior. Portlet and Servlet exist in the same web application, so you can for example share session between them (PortletSesion is a wrapper around HttpSession) in application scope. But remember that Portal is also separate web application itself. So when you log in you authenticate against portal web app - not portlet web app. Communication between portal and portlet is done by instrumenting portlet web app with special servlet and context dispatching. If you need to validate that user is authenticated, store some kind of token into PortletSession and try to obtain it from HttpSession in your servlet. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4028973#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...