"I would recommend integrating with JBoss Portal's security realm with your custom LoginModules. " What do you exactly mean by this? JBoss Portal uses a "portal" security realm that uses the JBoss OOTB login modules. I've used my own security realm and that works just fine if I use container managed security (a.k.a j_security_check). So, the issue is not with the use of a new,custom security realm but rather the lack of using container managed security and using my servlet. So, if there is an issue, it is not with using a custom security realm but with using a Servlet and invoking the LoginModule explicitly? Correct? Want to ensure that both of us are on the same page. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4071645#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...