I am thinking to create a plugable authentication/athorization module which will interact with the third party web services. I did some research on this topic, here are my findings:

1. Collect the userid/password/other security data from the login form;
2. Pass the above data to the customized CallbackHandler;
3. Initialize the LoginContext("configration on the loginmodule", the customized callback handler);

My questions are:

Can the JBoss container initialize the LoginContext automatically via login-config files?

Do I need to create two plugable customized modules: one for Authentication, one for authorization?

Can you provide any sample configurations on the J2EE decalarative and JACC compliance related confgurations, thanks in advance