Thanks a lot ! I have just started looking at Acegi. That was my first question... for using in portlets. what could be is : try to inject the principal coming from acegi into the portlet. For this : find where this is done in the portal management of portlets (which service or interceptor is doing this). May be look at the jmx service for the locale interceptor : name="portal:service=Interceptor,type=Server,name=Locale" the way it works is similar, and if I remember, there is a security service in the same stack of interceptors. that should be the place. but still, it would be only the principal, so you won't get all the features from acegi... so direct access of Acegi SecurtityContextHolder, from within the portlet code, should be better. for what I have seen in Acegi doc (very well done), you access the Acegi authentication context through a singleton class (SecurtityContextHolder), that is ThreadLocal. As SecurtityContextHolder is a ThreadLocal singleton, I guess there is something more to do, to have the same singleton for all the portlets. The one that was built during the authentification process (not a new one from the portlet instance thread). so the thing would be to have this SecurtityContextHolder stored in the session, or in a jmx service that give it for each active session... Thing to look at : what classloader/thread is making the instance of SecurtityContextHolder ?... and see how to get it from there, for any portlet. hope it helps... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4028755#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...