krish- JBoss Portal relies on JAAS/Tomcat integration for setting up the Portal security Subjects. So in your case I would recommend using a Tomcat Valve to process your authentication and set up the Subjects the way JAAS does it inside Tomcat. There is a fair bit of hacking involved here. btw- why can't you re-use JBoss Portal's JAAS mechanism and just plug in your own LoginModule for your application specific authentication logic? Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4071388#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...