I wonder if we should have some generic HttpServlet based adapter? It can be used for all the servlet containers, where we don't have proper adapter. We can create just HttpServletFilter and after the authentication, send forward the wrapped HttpServletRequest with few overriden methods (getRemoteUser, isUserInRole, logout, ...). The disadvantage is that it's not tightly coupled with the container security (propagation to EJB etc) and security-constraints in web.xml won't work, so we will need to use something different (init-parameters in the filter maybe). I know we have proxy, but maybe this will fit even better for some environments? Marek