Hi all,

we have a legacy Spring (2.5) webapp using JAAS for authentication, hosted on Tomcat 6.

Username and passwords are checked against another legacy service, that cant be modified.

Once logged in (by using form authentication and checking with the legacy service), our spring app has a JAAS subject with all the credentials, roles, etc applicable for that user.

then, we have installed Jboss AS 7.1.1 Final with JBPM 5.4.0, developed an EJB intended to be used in conjunction with our spring app, and so far we have managed to make the remote EJB calls (using spring bean initialized by a jndi-lookup, and a new ApplicationRealm user to call the EJB).

The thing is, we must call the EJB knowing (in the EJB) which user from the other application has issued the call / invoked the method, and we have no idea on how to accomplish it

Reading the security domain and authentication documentation I dont see a clear way to integrate our legacy authentication service in JBOSS to lookup the user, nor do I see how to propagate the subject thats active on the tomcat app to Jboss.

Any guidance would be greatly appreciated,

Thanks in advance

Ramon