krish- anonymous wrote : | I have a servlet implemented that uses the LoginContext and invokes my security realm. It passes through the various login modules and authentication succeeds. However, JBoss Portal throws an authorization exception as the principals were never set. | Again, whats the reason for creating your own security realm being invoked by a servlet instead of using JBoss Portal's built-in security realm and just integrating your LoginModules into this realm instead of the out-of-the-box JBoss Portal Login Modules? Reason I ask is Portal depends on the entire JAAS integration with Tomcat that populates all the Subjects etc on authentication. This integration AFAIK cannot be done inside the Servlet Environment. You will have to get to a lower level inside of Tomcat which would be using a Valve/Authenticator approach. This approach is not a hack, but its definitely not trivial, so unless there is a really good reason to inject your own security realm, I would recommend integrating with JBoss Portal's security realm with your custom LoginModules. Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4071638#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...