I should add that I'm not married to the idea of providing a custom LoginService if there is a better way to contribute custom authentication mechanisms for web applications in Fuse 6.1!
This does not seem to be properly supported. The real problem is that when loading the custom jetty.xml, jetty uses the thread context classloader to load the classes, but pax-web does not set it to the classloader of the war bundle being deployed, leading to a CNFE.
Please raise a JIRA issue at Pax Web - OPS4J Issues so that we can get that fixed.
As a workaround, the easiest way would be to delegate to a native jetty login service or to implement security using a custom web filter maybe. The jetty-all-server contains a JAAS LoginService (org.eclipse.jetty.plus.jaas.JAASLoginService) which you can use. All security auth is done using JAAS in Fuse.
Ok thanks very much, I'll do that.
I'm not too surprised, since I ran into a similar problem when trying to get Weld working. In that case, the Weld Listener class (a servlet listener) was failing to load because the thread context classloader was set to the wrong WAR bundle CL. Might be a separate bug, but I'll mention both in the JIRA.