Okay, one step further. This is what I need: public boolean checkPermission(PortalPermission permission) throws IllegalArgumentException, PortalSecurityException | { | try | { | // Get the current authenticated subject through the JACC contract | Subject subject = (Subject)PolicyContext.getContext("javax.security.auth.Subject.container"); | | // | return checkPermission(subject, permission); | } | catch (PolicyContextException e) | { | throw new PortalSecurityException(e); | } | } This is the API in org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager. If I can get this subject to be populated in my servlet, I am COOL! Essentially, I need to be able to set the subject to this "javax.security.auth.Subject.container" context. I could even create a new instance of the Subject and add the necessary principals manually, so long as there is a way to actually make the container use that subject by setting this context variable. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4071677#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...