No you cannot call LoginContext.logout() from the way you described. When you do a jaas login with a java client, you have a Callback Handler, LoginContext etc...Then you can call a LoginContext.logout()...In your case, annotate a method on the Servlet as @WebMethod logout() and call HttpSession .invalidate() in that method...That will invalidate the Principal in the Session Cache & will logout.... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4124867#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...