I have created a custom login module that I use to restrict web service access. The module extends the UsernamePasswordLoginModule and authenticates requests against a proprietary authentication server. JBoss/JAAS reads the username and password from the request's authentication header. I would like to change from usernames and passwords to cookie based authentication, but do not understand how to register a new authentication protocol. I'm assuming I need a callbackhandler of some sort. Is there a way to create a custom callbackhandler and associate it with a custom login module? If so how do you go about doing it? Thanks. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4246809#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...