Hi All, Apologize if these questions have been asked before or if they are naive, but I am writing after doing some search on the web and the forum. Do point me out to any tutorial / web resource if you think they can answer my questions. I am relatively new to JBoss/JAAS authentication, and have successfully implemented a sample web application which uses the form based authentication method. On the server side, I have a custom class which extends the DataBaseLoginModule. My questions were the following: 1) Does one have to use form with 'j_security_check' to initialize the security workflow? 2) How could I extend this if I needed to have the username password in my HTTP request? 3) It seems like once JBoss authenticates the user, a HTTP session is maintained until the JBoss cache expires. Is this true? Meaning once logged into a web application, and if the subsequent JSP / Servlet calls fall inside the security restrictions defined in a web.xml, a session is maintained and there is no need for extra authentication on each step. 4) I understand jboss 'webauthentication' is similar but is mostly for programmatic login. Can it be used from a JSP / Swing/ .NET client?? If so how, is there any useful web resource / tutorial you could point me to? Thanks and hoping fro some feedback from the forum. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171343#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...