I am writing a web applicaiton on top of a customized framework that does container level security enforcement including SSO.
I have requirement for the web application to use different authentication mechanism based on certain conditions. i.e in certain cases ,it has to use the infrastructure provided by the container level framework and in some cases application specific authentication.
I am achieving the latter by using JAAS through the configuration is done in jboss-web.xml as mentioned below.
The problem is that this gets defined at deployment time and the application starts up with that security scheme.
Is there a way to achieve both in the application based on run time factors?