Hi, I will get around to posting this up on the WIKI but the 'day job' is currently taking up more than it's fair share of time. When it all calms down i'll get it done. In answer to your query I use: @In Context sessionContext; | | ... | | ((NtlmPasswordAuthentication) sessionContext.get("NtlmHttpAuth")).getUsername() | | This allows me to extract the current session user's username, which I then pass off to the real authentication/authorisation code. Hope this helps. Craig View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4088789#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...