Hi! I'm actually running a complete security setup under JBoss 2.4.4 using JBossSX. All's working fine until I get to the point where I need the subject data inside my web application. After the login via a html-form or http-basic is succeeded I need to get some information about the current logged in user. Inside the http-session no attributes are stored, but how can I get to the subjects, principals, etc? Does anyone did something like that before? Is it something about the JBoss Security Manager?