I am thinking to create a plugable authentication/athorization module which will interact with the third party web services. I did some research on this topic, here are my findings: 1. Collect the userid/password/other security data from the login form; 2. Pass the above data to the customized CallbackHandler; 3. Initialize the LoginContext("configration on the loginmodule", the customized callback handler); My questions are: Can the JBoss container initialize the LoginContext automatically via login-config files? Do I need to create two plugable customized modules: one for Authentication, one for authorization? Can you provide any sample configurations on the J2EE decalarative and JACC compliance related confgurations, thanks in advance View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4094812#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...