David Lloyd [http://community.jboss.org/people/david.lloyd%40jboss.com] replied to the discussion "JSR-160 connectors security" To view the discussion, visit: http://community.jboss.org/message/535884#535884 -------------------------------------------------------------- Yeah you don't need a properties file, just something like this pseudocode: class YourAuth implements JMXAuthenicator {     String configName = ...get this from jboss-beans.xml...;     LoginContext context = ...get this from configName...;     YourCallbackHandler cbh = ...has writable properties for user/pass...;     [...]     public synchronized Subject authenticate(Object creds) {         String user, pass;         user = ((String[])creds)[0]; pass = ((String[])creds)[1];         // validate user/pass (not shown)         // now put it on cbh         cbh.setUserName(user); cbh.setPassword(pass);         // authenticate:         context.login();         Subject s = context.getSubject();         s.setReadOnly();         return s;     } } -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/535884#535884] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]