ppradhan, One thing that is not completely clear from your description is wether or not the user has actually authenticated to servlet container. Just because the login form is returned does not neccessarily mean authentication did not happen. To be more specific... Consider the case when a request is made to login form page direclty. The user fills out the form and submits. If the user authenticated correctly, then the container will redirect user back to originally requested page. Which in this case happens to be the login form. So I suggest trying one of two things. Either add some temporary code to your login form (jsp) to display something if user is authenticated (i.e. request.getUserPrincipal()). Or create and secure another page (well call it main). Then request main. If user has not authenticated, they should be forwarded to login form. Once authenticated, user should be forwarded back to main. cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3964032#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...