Nothing is wrong - that's the behavior. If you want the client-side login to "immediately" propagate to the server, you can always call a secured remote method ( a noop that really does nothing but provide a hook from which to kick off security checks) from within the client-side LoginModule's login method.
As for useFirstPass(word), check out the code in AbstractServerLoginModule. It allows for the use of a shared password:
@option password-stacking: if true, the login identity will be taken from the
javax.security.auth.login.name value of the sharedState map, and
the proof of identity from the javax.security.auth.login.password
value of the sharedState map.
You should probably call the noop from within the commit() method (not login()) of the LoginModule, to ensure that the Principals and Credentials have already been collected.
first, thank you for your answer. Well I have just tried out to make a lookup and to call the create() method to a session bean within the commit() method of the ClientLoginModule. But I get a java.net.NoRouteToHostException. But I can connect my server! Are there are some properties for the LoginContext which enable or disable net-connections within the methods of ClientLoginModules!?!
thanks a lot
the problem with the NoRouteToHostException has been fixed.