I’m attempting to migrate a custom login module from JBoss6 to JBoss7. The module checks for the existence of a x509 cert on the request. If the cert exists, it logs the user in. If the cert is missing (new user or using a different computer) the module uses plain old userID/password form based login. Effectively, each user has two passwords, his cert and his normal password. The system evolved to support legacy requirements; it’s not optimal, but it meets the customers needs.
The module is already written, but makes use of the javax.security.jacc.PolicyContext to access the http servlet context and store user info in the in the session. Unfortunately the PolicyContext it does not appear to be available in JBoss7. I've found that the online documentation in this area is somewhat confusing. Any advice on where to start would be appreciated.