Hello, I'm trying to create a new web authentication method following the next procedure: - based on FormAuthenticator.java i've coded a new class (well, i've just copied FormAuthenticator but with different name in order to prevent errors) - added the line CUSTOM=<<my custom class>> in Authentication.properties - in web.xml, added the line <auth-method>CUSTOM</auth-method> (and all the necessary ones to protect the web resources) I'm using a simple application based on JSP pages to test my configuration but get a HTTP/403 Configuration error. This is the error page I get: type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. I've tried to "cheat" JBoss to test my class: - changed in authentication.properties the line FORM=org.jboss.etc... with FORM=<<my custom class>> - now the application's web.xml has the next line: <auth-method>FORM</auth-method> Everything goes fine in this case, but I would like to add this new authentication method instead of modifying the FORM method. Somebody knows what is happening? Thanks in advance, Antonio View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4080446#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...