My stack is as follows : * JSF 1.2, Facelets, Richfaces 3.2.1 * JAAS - authentication and authorization * Tomcat 6 Points to note : 1. JAAS is working. I'm able to login into the application. 2. Roles are working. CMA intercepts when I hit a secured resource. 3. Authentication mechanism in web.xml <login-config> | <auth-method>FORM</auth-method> | <realm-name>myrealm</realm-name> | <form-login-config> | <form-login-page>/faces/login/login.jsf</form-login-page> | <form-error-page>/faces/login/loginerror.jsf</form-error-page> | </form-login-config> | </login-config> Problem 4. What I really want is to inform the user why the login failed : - wrong user id - wrong password - account locked due to too many unsuccessful attempts How can I do this ? The My JAAS LoginModule does not have any handle to session/request/JSF messages ? I don't want a generic login failure page. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4267132#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...