Hi, I've been able to use FORM based authentication and authenticate the JBoss Portal user using my a JAAS security realm that uses module/password stacking. Now, I want to move away from using j_security_check but still use the login modules and my security realm. I made the changes to web.xml to comment out the security constraints and roles, and added a filter that explicitly calls LoginContext and uses the security realm. However, I can't get this to work as I get ClassCast and other Exceptions which I am sure are related to missing principals. I'ven't modified the login modules one bit, so what could cause this? Am I missing a step or two, in moving away from FORM-based authentication? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4070175#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...