I don't think you can, you can use this to authenticate to using the portal security but, you will not be authorized to access the secure portal pages. This is basically a two step process. Authorization in a basic JAAS example would use a filter to secure what areas can be accessed after authentication. That is what j_security_check is mainly doing for the portal at a very low level thus making it secure. "Sohil" wrote on this in several JAAS post, you need to get the Tomcat code for the valve and look at it. Then it will begin to make sense to what needs to done to hack the code and write your own module. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4087173#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...