"julien(a)jboss.com" wrote : | | do you mean that it should switch to HTTPS ? if yes it is certainly a good idea but it cannot be enabled by default as HTTPS is not activated by default in tomcat. No, I mean Roy told me that if login was a portlet there were possible security issues, and if it can't be done in a way that isn't hackable then it isn't worth doing. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959983#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...