As you might be aware that Jetspeed is using Turbine DB that defines users and roles,
plus it is not using JAAS (using it's own ACL).

Problem:
How do I authenticate user of Jetspeed to be a valid user of JBoss?

Solution:
1) JBoss custom JAAS LoginModule
a) get the username/password via BASIC/FORM authentication schema.
b) pass the credentials to Jetspeed for authentication
i) login OK -> instance of JetspeedUser class is returned
ii) login FAILED -> Jetspeed's LoginException is raised
c) TO DO
setting RunData object
at the moment once login to JBoss you need to login again to Jetspeed
2) Web Application Configuration
a) configure the application's web-app.xml in order to use BASIC or FORM authentication
i) BASIC -> no extra setup necessary
2) FORM -> need to create login.jsp that contains





and specify it in the web-app.xml tag <form-login-page>
b) configure jboss-web.xml so it contains
<security-domain>java:/jaas/your_custom_login_module_name</security-domain>
3) EJBs configuration
configure jboss.xml for your EJBs so it contains
<security-domain>java:/jaas/your_custom_login_module_name</security-domain>
4) JBoss configuration
configure JBoss login-config.xml so it contains configuration of your custom login module
whose name is 'your_custom_login_module_name'