I want to let the users type in their login & password to log into my system. But at the same time, I would like to validate the client certificate also in addition to the login/password. Currently, if I use only the CLIENT_CERT, there is no way to force the user to type in their username password. I see this as a security risk on a computer open to *many*. So, I want to force users to login using their login/password. There seems to be no way to do this in JBoss, as far as I know. Please suggest a solution that can be used in this scenario. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4159906#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...