I have searched the forums and never found an answer on how to make tomcat running standalone use JBoss security. The integrated tomcat jboss works fine when I try to use form based logins in tomcat to access ejb's. However when I go to a "production" type environment with tomcat on one machine and jboss on another I cannot get a login to validate. I am sure there is some setup that needs to be done on tomcat to make it use jboss's security realm. In this standalone environment I have jndi working from tomcat so I can access my ejb's if I don't use any security. As soon as I enable security in jboss and in tomcat I can not even login to tomcat. I have seen posts stating that what I am trying to do is not possible. What would need to be done to make it possible. Could a custom security provider be written. Any help on this would be greatly appreciated.