"sohil.shah(a)jboss.com" wrote : ah ok- | | I understand your situation now. | | Ok in this case you have no choice but to go the Tomcat Valve/Custom Authenticator route. | | This is the only place you can actually grab hold of the Tomcat Session and populate it with the Subject/Principals that will be propagated through to Portal. | | Basically you have to simulate what the container managed security is doing inside of your own code, and not use container managed security. | | The sample interaction would be something like: | | 1/ You have a Tomcat Valve that post-processes the request on your Authentication Servlet | | 2/ In this Post Processing, it will grab information populated by the Servlet and populate the Principal/Subject just the way the container does for Portal when using standard JAAS mechanism | | For a look at how this is done, look at the Authenticator source code of Tomcat and you will be very much enlightened ;) | | Thanks Thanks Sohil. Let me look into the Tomcat source code and see if I can do something similar to get this working. Will let you know how goes by COB and hopefully, it goes well.... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4071691#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...