Hello,
We have written a custom Tomcat valve-realm implementation that integrates our JBoss
servers with a CAS-SSO system. Our valve-realm implementation supplies the Principal to
the HttpServletRequest and handles invocations of isUserInRole(String role) on the
HttpServletRequest. This eliminates the need for an application-level
authentication-authorization system. Our developers simply write security constraints on
URLs in web.xml and 'hook into' the SSO system by supplying a Tomcat
context.xml file in WEB-INF.
I've looked at the Seam security module - I see that I can specify a
'jaas-config-name' but we're not even using that since the container (via
context.xml and web.xml) is now deciding whether or not authentication/authorization is
required for a request. My question is how do I make the Identity component simply
delegate to the HttpServletRequest for invocations of isUserInRole()? In looking at
the code for Identity, it doesn't seem like this would work out of the box since
Identity has its own concept of a Subject...
Thanks,
Brad Smith
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024268#...