"shane.bryzak(a)jboss.com" wrote : This should be fixed in CVS now, please let me know if there's any further issues with HTTP authentication. Has this been tested? Because when I look at the code in the latest trunk, I didn't see any code that would fix the second problem I mentioned (see the "Problem 2" in my previous posts). That is, the basic auth processing logics does not call identity.authenticate() anywhere. Where is the authentication been triggered? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4125288#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...