I want to create my own LoginModule and this module needs to add some special information (identifying the user globally - not only in the security domain) to the CallerPrincipal so that my session beans can use the principal returned from getCallerPrincipal() to uniquely identify the user.
I tried letting the login module add a "CallerPrincipal" (an instance of SimpleGroup) containing a principal instance (an instance of an extended SimplePrincipal with the added user information). But this is not the principal object returned from getCallerPrincipal.
I have also seen an article describing that the subject should be store in the jndi with name java:comp/env/security/subject but this jndi entry does not exist.
if, and only if :), i understand you correctly: try to use the credentials [authorizing token] instead of principal [identity token] to store the 'special informations. simply spoken the binding of both can be treated as the subject.