I have experience with J2EE 1.2 and 1.3 using SUN's RI. (both EJB 1.1 and EJB 2.0) I also know JAAS 1.0 and I know a little about JBoss 2.4 with Tomcat.
Here is my problem:
I need a custom JAAS authentication module using my own database tables for authentication. This module is not a user name/password authentication module, so I cannot use the built-in authentication mechanisms.
The client uses web browsers and I want to protect my web resources too. But how could I authenticate the user through the web from JSPs without any kind of built-in authentication method? (e.g. the web container cannot authenticate the user automatically via displaying some form and retrieving j_username and j_password or via HTTP basic authentication)
Is it possible to call directly LoginContext.login from a JSP and will the web container keep the authenticated subject and associate it with the session to avoid re-authentication in further calls?
No, you have to write a custom login module. See the current JavaWorld article that talks about how to do this.