I am struggling with the following task for days now:

I got a custom JAAS Login Module that is doing my user authentication.

I integrated this Module by placing a security domain configuration (application-policy) in login-config.xml.

This works very well.

Next step would be to manage programatic permission handling.

I would like to do this in the described way:

- In commit method of login module, some custom type permissions are fetched from an external database.

- This permissions are stored in the subject's credentials.

- The access to different EJBs or code fragments should be granted or denied depending on a complex logic. Therefore I need to implement/overwrite the checkPermission method of the security manager.

Unfortunately I did not manage to do so.

What I already tried:

- Write a custom Security Manager that extends org.jboss.security.SubjectSecurityManager, org.jboss.security.RealmMapping, and Serializable

I put the jar in "jboss/lib" and "jboss/common/lib" and changed the value of "SecurityManagerClassname" attribute of "JaasSecurityManagerService" mbean in jboss-service.xml to my implementation - without success. My clas wasn't invoked.

- Write a custom DelegatingPolicy class that extends DelegatingPolicy

When I try to invoke this class in my login-config.xml, I got an exception that this class was not initialized when the security domain is accessed.

Any help would be great !