I have created a custom login module that I use to restrict web service access. The module extends the UsernamePasswordLoginModule and authenticates requests against a proprietary authentication server. JBoss/JAAS reads the username and password from the request's authentication header.

I would like to change from usernames and passwords to cookie based authentication, but do not understand how to register a new authentication protocol. I'm assuming I need a callbackhandler of some sort. Is there a way to create a custom callbackhandler and associate it with a custom login module? If so how do you go about doing it?

Thanks.