Good Day, The JaasSecurityDomain mbean takes care of encryption inside of JBoss. For example you can use the JaasSecurityDomain to user certificates for SSL communication or you can use it to hash encode passwords. Look at http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html#d0e18295 Once you have declared the JaasSecurityDomain then you can add a property to your custom implementation of UsersRolesLoginModule that decodes the password in the roles.properties. If you need guidance, the LDAPExtLoginModule makes use of password hashing for the administrators password so you can look at it's implementation of how to look up the JAASSecurityDomain from the LoginModule and to proceed. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971384#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...