&quot;sohil.shah(a)jboss.com&quot; wrote : Yes you are correct. New security realm is not the issue. Its inability of the Servlet Environment to properly populate the security information needed by JBoss Portal. | | In fact why dont you try swicthing the portal security realm to your custom/shared security realm and its LoginModules. You will still need to use the deep JAAS/container managed approach, but you will be using the security realm which is shared by all your applications. | | You should be able to do this by: | | 1/ Modify <application-policy name="portal"> inside jboss-portal.sar/conf/login-config.xml to | <application-policy name="{your security realm here}"> | | 2/ Inside jboss-portal.sar/portal-server.war/WEB-INF/jboss-web.xml make <security-domain>java:jaas/portal</security-domain> to <security-domain>java:jaas/{your security realm here}</security-domain> | | Note: even with this approach you will still need to use the container based/j_security approach for Portal to be properly populated with the security information. | | btw- I have never tried swapping the realm this way for Portal. This is in theory, so let us know if this actually works ;) | | Thanks Sohil, This is exactly how I have it now. It is working as I expected it to. And I've had this working this way for a while. However, as I mentioned earlier, the requirements changed and for some other reasons, I can't do that anymore and I need to be able to explicitly invoke the login module. This is where the problem creeps up. I disabled container managed security for app #1 that is also deployed in JBoss and uses the shared security realm. All works well because that is our app and we control the authorization. It doesn't work for app#2 (using JBoss Portal) as the authorization is beyond my control. Actually, I even ran into a NPE from the JBoss Portal code (a Portal bug that I need to file a jira issue for) but I managed to get past it by doing some hacks. However, I am now at the point where the subject doesn't contain any principals. The only, last thing I need is a way to add the principals to the subject. How do I get a handle to the subject so that I can add the principals, is the million dollar question at this point.... Have spent hours on this (identify the NPE, finding a hack for it, etc.) so any solutions to this would be immensely helpful and truly appreciated!! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4071672#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...