Hi and thanks for your quick answer, Yes, as Q3 shows I've added to my config-file the line: <login-module code="org.jboss.security.ClientLoginModule" flag="required" /> but it does not work. If I use a jsp login form (j_security_check) it works fine; my login method consists in a Delphi Application that sends the user and password to the server into a HTTP request; then a servlet gets the request and execute the JAAS login code, loginContext = new LoginContext("GTSPDB", new MyCallbackHandler(user, password)); | loginContext.login(); | really the process is quite simple so I think I'm forgetting something. Any idea¿? thanks very much, View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4080385#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...