We have successfully applied a security-constraint with basic authentication to "/*" which generates the expected login popup. After entering valid information, the user is theoretically authenticated, but the request.getRemoteUser() continues returning null. When the security constraint is applied to a specific Login.jsp page that prints getRemoteUser(), the popup appears, and the page successfully prints it. Any subsequent pages again shows getRemoteUser() as null. How can the authenticated user be applied to all pages? Server Configuration: O/S: Windows XP Pro SP2 App Server: JBoss 4.0.3SP1 Portal: JBoss Portal 2.2.1-GA Application Configuration: [web.xml] <security-constraint> <web-resource-collection> <web-resource-name>HtmlAdaptor</web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>PortalUser</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>MyAuthentication</realm-name> </login-config> <security-role> The role required to access restricted content <role-name>PortalUser</role-name> </security-role> [login-config.xml] <application-policy name="MyAuthentication"> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"> <module-option name="usersProperties">props/my-users.properties</module-option> <module-option name="rolesProperties">props/my-roles.properties</module-option> </login-module> </application-policy> [jboss-web.xml] <jboss-web> <security-domain>java:jaas/MyAuthentication</security-domain> </jboss-web> View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3968392#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...