Anil, While the GenericHeaderbasedAuthenticator can get the UserID/Password from the Request header, how does the CustomLoginModule get access to those values? I'm not seeing the connection. Within a portlet or a servlet, its easy to get at those values (they're in the RenderRequest or ServletRequest, respectively); but if I want the CustomLoginModule to be used for the entire container, I'm not sure how the login() method in the CustomLoginModule gains access to the header-parameters. Some examples would be helpful in getting me to see the light. Thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4185243#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...