The user identity in portal won't be propagated to the servlet. The easiest workaround for that is to leverage PortletSession.APPLICATION_SCOPE using which you can share objects with servlet HttpSession. Usually for use cases like file download you store a token in a portlet session, pass token id as url parameter and check if it's valid in servlet. I can't help you with AJAX as I'm not very knowledgeable in it. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989129#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...