yes thanks, i read it before. but from reading: http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication and http://roneiv.wordpress.com/2008/02/19/perform-a-jaas-programmatic-login-... I was thinking that it will solve the problem. going back to the FAQ, does A7 means that there is no way to mimic the j_security_check using a simple api? all i want here is to have a servlet for login that enables the other side to invoke other api requests over http which will than propagate to the EJB layer with the correct proncipal. (as my j_security_check does) is it not possible in jboss? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136465#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...