I noticed that XWiki uses SecurityFilter. I have a Tomcat configuration that already has a JAAS realm setup with a custom JAAS module. It doesn't seem like the SecurityFilter configuration will really work with this - I'd probably have to implement a custom XWikiAuthService that talks to the JAAS implementation directly, which sort of defeats the purpose of having Tomcat manage that for me. Has anyone attempted something similar? would it be a lot of work for me to modify the source to use the container security instead of SecurityFilter? Thanks Ben