Hi, What I have to if I want to use the WebAuthentication further? Do I have to change the complete login to Web based authentication? I've seen I need then j_security_check, but I always get then that this resource is not available from tomcat. For now I tried to use the WebAuthetication but the user is not authenticated then. I only get this error: | vwg.audi.cancard.MyApplicationException: User is not authenticated or the isUserInRole check failed at vwg.audi.cancard.ui.action.Login.execute(Login.java:177) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:441) at com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:280) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:243) at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:165) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:252) at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:122) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:195) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:195) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:179) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at | ... | The code I used in my Struts2 action: | if(username == null || password == null) | throw new RuntimeException("username or password is null"); | WebAuthentication pwl = new WebAuthentication(); | pwl.login(username, password); | | //Only when there is web login, does the principal be visible | log.info("User Principal="+ServletActionContext.getRequest().getUserPrincipal()); | //Some basic checks to see if the user who just did a programmatic login has a role of "AuthorizedUser" | log.info("isUserInRole(Authorized User)="+ServletActionContext.getRequest().isUserInRole("AuthorizedUser")); | if(ServletActionContext.getRequest().getUserPrincipal() == null || !ServletActionContext.getRequest().isUserInRole("AuthorizedUser")) | throw new MyApplicationException("User is not authenticated or the isUserInRole check failed"); | | //Log the user out | pwl.logout(); | | if(ServletActionContext.getRequest().getUserPrincipal() != null || ServletActionContext.getRequest().isUserInRole("AuthorizedUser")) | throw new MyApplicationException("User is still authenticated or pass: isUserInRole(Authorized User)"); | In my log I see these two lines: | 10:21:16,515 INFO [Login] User Principal=null | 10:21:16,531 INFO [Login] isUserInRole(Authorized User)=false | But now the output of my JAAS login module is missing. I think that this is not running anymore. Something is missing... Regards, Michael View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4260010#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...