Thanks for that Scott, I was hoping that wouldn't be the conclusion.
A colleague of mine suggested another solution:
Use declarative security in the web tier (FORM) and once logged in the principal
details are available in the EJB tier
Apparently it was not with JBoss but the container login
If you can use declarative security in the web tier you should as the integration with
ejb tier is automatic.
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3848027#3848027
That is the expected behavior since the JAAS login is only setting up the security
context for subsequent ejb invocations. It does not change or establish the web
container security context. That could be done using a custom integration with a
tomcat valve, but this would be non-trivial, and in