Hi I'm not sure that this answer coresponds to posted questions! I have the same problem I want to use "ssl Client" credential and principal to use them in my own AuthorizationLoginModule. As I understand ssl, it authenticates client so we do not need to authenticate client in BaseCertLoginModule again, why not take the credential and principal from ssl and put them into sharedState. Do I have to use LoginContext when I use SSL?! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970290#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...