and what's wrong with using the Subject ?
Why do it any other way then the default login modules handle this case?
they create Groups and Principals and populate the Subject with them.
ok, i'll take a look on what informations i can add to the subject.
and after, how can i get these informations in the portal ?
how can i retrieve the subject ?
Subject currentSubject = (Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
but note that this call is subject to security manager access checks.
Not sure if there is any better way ....
it works fine ;)
i can retrieve the jaas subject and my specific object too.