I've got this problem, but not sure how to implement this on Jboss (2.4.x)/Jetty.
We are writing an intranet application with our own custom security system. There's a java lib which checks the HTTPRequest/session to see if it contains a valid token id, if not then I need to redirect the user to another web server to authencate, on success then it redirects back to my server which allows me to check for the token again. If the token is valid then I will assign a role to that session.
The questions are:
1) Will I need to write a custom LoginModule in order to do what I want.
2) If I need to write a custom module, then how do I get the LoginModule to redirect the user's browser?
3) Can the LoginModule have access to EJB(Entity Bean) to fetch the roles for a particular user.
thanks in advance,