I placed the code in the UsernamePasswordLoginModule so that it would work with the existing modules Database, LDAP etc. I was looking at the code and was thinking that one possible refactoring could be to seperate the login mechanism (standard login, hashed login, sasl) from the user/roles repository (database, LDAP, file), perhaps using a strategy pattern or similar. Mike. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4027968#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...