I am looking for a model like the one used on www.jboss.com. What I would like to do is have unathenticated users have access to the servlets in a "read only" mode, but for authenticated users to be able to use the same URLs but now get the page rendered with a form and data entry widgets.

I don't have a problem coding the servelts to get the principal and determine how their pages should be rendered. But I can't figure out how to configure the login modules so that the servlets have a security domain but to stop the login form or HTTP popup being displayed when the site is first entered. This is dependant upon finding a way to set the security context for the session from within my code running within the JBossAS? Any clues in this area whould be helpful too.

Thanks for any help

Steve