After reading this anonymous wrote : Once authenticated, the roles associated
with this user will be utilized for access control decisions across all of the
associated web applications, without challenging the user to authenticate
themselves to each application individually. on this page
Hello - I am using JBoss 422 with embedded tomcat. I've written my own custom
login module which extends
org.jboss.security.auth.spi.AbstractServerLoginModule. The module validates the
user name and password from 1 system, then retrieves domain groups from an ldap
system and maps those groups