Hi all, Refer to "dan957" setup for authentication, I confuse about his setting. I can setup basic authentication with using LDAP in apache (front end). If no authentication setup in JBoss, how can I secure the JBoss web server even thought I get the remote user name from apache. Anyone can directly call JBoss with using the URL in their bookmark. Any trick??????? For my target setup ----------------------- End User ---> (one server with apache and JBoss) Apache with proxy to JBoss | | | v JBoss with LDAP (set IP control, only accept localhost request) Any comment/suggestion? I still stuck in using LDAP authentication in JBoss!!!!! View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4241323#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...