Hi everyone,
I encountered some problems when trying to use the Servlet 3.0 login method in Wildfly 10.
After logging in using `HttpServletRequest.login(String, String)`, using the code below,
on successive requests I still get a Basic Authentication prompt.
I have also found the same issue on the JBoss developer forum in a post that goes back to
September 2015:
developer.jboss.org/thread/262640?start=0&tstart=0
Why is the `login` function not working in my configuration?
My endpoint:
@POST
@Path("login")
@Consumes(MediaType.APPLICATION_JSON)
public void login(@Valid LoginRequest loginRequest) {
    try {
        // Reject unknown usernames with a 404 before attempting the container login.
        User user = userController.findUserByUsername(loginRequest.getUsername())
                .orElseThrow(NotFoundException::new);
        // Servlet 3.0 programmatic login against the security domain from jboss-web.xml.
        httpServletRequest.login(loginRequest.getUsername(), loginRequest.getPassword());
        log.info(securityContext); // not null now!
    } catch (ServletException e) {
        // A failed container login becomes a 401 carrying our WWW-Authenticate challenge.
        throw new NotAuthorizedException(e.getMessage(), e, AuthenticationHeaderFilter.CHALLENGE);
    }
}
And my `jboss-web.xml`
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web
    xmlns="http://www.jboss.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.jboss.com/xml/ns/javaee
        http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
    <security-domain>MyRealm</security-domain>
</jboss-web>
And my `web.xml`:
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>MyRealm</realm-name>
</login-config>
<security-role>
    <role-name>admin</role-name>
</security-role>
<security-role>
    <role-name>user</role-name>
</security-role>
<security-constraint>
    <display-name>Authenticated content</display-name>
    <web-resource-collection>
        <web-resource-name>Authentication required</web-resource-name>
        <url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <display-name>Anonymous content</display-name>
    <web-resource-collection>
        <web-resource-name>Exclude from Security</web-resource-name>
        <url-pattern>/api/me/login</url-pattern>
    </web-resource-collection>
</security-constraint>
Furthermore, I declared my security domain as follows in standalone.xml
<security-domain name="MyRealm" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName"
                           value="java:jboss/MysqlXADS"/>
            <module-option name="principalsQuery"
                           value="SELECT password AS Password FROM user WHERE username = ?"/>
            <module-option name="rolesQuery"
                           value="select 'user' as Role, 'Roles' as RoleGroup union select 'admin' as Role, 'Roles' AS RoleGroup from user where admin is true and username = ?"/>
        </login-module>
    </authentication>
</security-domain>
I have also posted the question on Stack Overflow, so any answer posted there will receive
the bounty points:
http://stackoverflow.com/questions/38896538/httpservletrequest-login-does...
Thanks in advance!
Jan-Willem Gmelig Meyling
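The symptom described above (a successful `request.login()` followed by a fresh Basic challenge on the next request) is easiest to pin down with a two-step client that replays the session cookie. The script below is an added example, not code from the post or from WildFly; it assumes a deployment reachable at `localhost:8080`, that `/api/me/login` is the JSON login endpoint from the post, that some hypothetical resource `/api/me` is matched by the `/api/*` constraint, and that the credentials are placeholders. The classification helpers are pure functions so they can be checked without a server.

```python
"""Two-step probe for the 'Basic prompt after request.login()' symptom.

Added example, not part of the original post. Assumptions (not in the post):
BASE_HOST/BASE_PORT locate the WildFly instance, PROTECTED_PATH is a resource
under /api/* requiring the 'user' role, and the credentials are placeholders.
"""
import http.client
import json
from http.cookies import SimpleCookie

# Constructed placeholders for a local test deployment.
BASE_HOST = "localhost"
BASE_PORT = 8080
LOGIN_PATH = "/api/me/login"      # excluded from the security constraint in web.xml
PROTECTED_PATH = "/api/me"        # hypothetical resource matched by /api/* (assumption)
USERNAME = "alice"                # placeholder credentials
PASSWORD = "correct horse battery staple"


def session_cookie(headers):
    """Return the JSESSIONID value from (name, value) response headers, or None."""
    for name, value in headers:
        if name.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            if "JSESSIONID" in jar:
                return jar["JSESSIONID"].value
    return None


def classify(status, headers):
    """Classify the follow-up response: did the container keep the identity or re-challenge?"""
    challenge = next((v for n, v in headers if n.lower() == "www-authenticate"), None)
    if status == 401 and challenge and challenge.lower().startswith("basic"):
        return "rechallenged"    # the symptom from the post: login() did not stick
    if status == 401:
        return "unauthorized"    # rejected, but without a Basic challenge
    if 200 <= status < 300:
        return "authenticated"   # identity survived into the second request
    return "other"


def probe(host=BASE_HOST, port=BASE_PORT):
    """POST the JSON login, then replay the session cookie against a protected path."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    body = json.dumps({"username": USERNAME, "password": PASSWORD})
    conn.request("POST", LOGIN_PATH, body=body,
                 headers={"Content-Type": "application/json"})
    login_resp = conn.getresponse()
    login_headers = login_resp.getheaders()
    login_resp.read()  # drain the body so the connection can be reused
    if login_resp.status >= 400:
        conn.close()
        return {"login_status": login_resp.status, "result": "login_failed"}

    jsessionid = session_cookie(login_headers)
    headers = {"Cookie": f"JSESSIONID={jsessionid}"} if jsessionid else {}
    conn.request("GET", PROTECTED_PATH, headers=headers)
    follow = conn.getresponse()
    follow.read()
    result = classify(follow.status, follow.getheaders())
    conn.close()
    return {
        "login_status": login_resp.status,
        "session_cookie": jsessionid is not None,
        "follow_status": follow.status,
        "result": result,
    }


if __name__ == "__main__":
    print(probe())
```

A result of `rechallenged` with `session_cookie: False` points at the container never creating or caching an authenticated session for the programmatic login, whereas `rechallenged` with `session_cookie: True` means a session exists but the identity was not attached to it; separating the two narrows down where to look in the Undertow and security-domain configuration.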