"PeterJ" wrote : The easiest, and correct, way to do what you want to do is write your own login module, hence my reason for pointing you to a prior discussion of this topic (if you look carefully at that topic, that user also had encrypted password in the database and thus could not use the DatabaseServerLoginModule to perform the login and had to write his own login module). The DatabaseServerLoginModule should provide you with a reasonable template (or you could subclass it) within which you can do your own work to validate the user and return the collection of roles. I agree with you, Peter and that's exactly what I'm going to do. But there's a part of my doubt that is a little more simple: if I use j_security_check and name my input texts in the login page j_username and j_password, will JBoss pass these values to my own login module? If so, I'm done. Thank you. Marcos View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4050293#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...