The underlying problem I am trying to solve is that Tomcat (at least the version integrated with JBoss 3.0 beta) doesn't seem to carry the authentication information to unprotected sections of the webapp even after the user has logged in.
Actually the behavior is worse that that! I'm also
seeing similar in 2.4.4 .
I did some research on this and (if only by trial and error) I found that the highest I could get without the above problem using jboss and tomcat was JBoss2.4.3+Tomcat400.
Here we are 4 months down the line - has there been any change on this problem?