I'm trying to figure out how to provide my own specialized authentication methodology (probably using an applet in a browser) to log into a web site. The situation is that there is no password in the LDAP database, only an encryption and validation certificate (public key). What I want to do is provide an applet that opens the user's credentials (with their permission of course) and signs some data to provide proof of who the user is.
Instead of a username and password, I'd be sending data clearsigned by the user.
Has anyone travelled this region of the JAAS and have any pointers on how I might accomplish something like this?
Specifically I'm using JBoss 3.0 with Jetty running a web application.
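
A sketch of the server side of the signed-data login asked about above, as an added example that is not part of the original post and not JBoss or Jetty code: a JAAS `LoginModule` that verifies a signature over a server-issued nonce against the user's certificate. The class name, the `lookupCertificate` hook (standing in for the LDAP lookup), the callback prompts, Base64 transport and the SHA256withRSA algorithm are assumptions, and it is written against current Java SE APIs.

```java
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

// Added example (hypothetical class): proof of identity is a signature, not a password.
public abstract class SignedChallengeLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private X500Principal verified;

    // Assumption: the subclass reads the user's validation certificate from LDAP.
    protected abstract X509Certificate lookupCertificate(String user) throws Exception;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user");
        // The handler must fill the nonce from the server-side session, never from the request.
        TextInputCallback nonce = new TextInputCallback("nonce");
        TextInputCallback sig = new TextInputCallback("signature");
        try {
            handler.handle(new Callback[] { name, nonce, sig });
            X509Certificate cert = lookupCertificate(name.getName());
            cert.checkValidity();            // reject expired or not-yet-valid certificates
            Signature v = Signature.getInstance("SHA256withRSA"); // assumes RSA keys
            v.initVerify(cert);              // also refuses a critical key usage that excludes signing
            v.update(Base64.getDecoder().decode(nonce.getText()));
            if (!v.verify(Base64.getDecoder().decode(sig.getText())))
                throw new FailedLoginException("signature does not match");
            verified = cert.getSubjectX500Principal();
            return true;
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {              // missing entry, bad Base64, unsupported callback, ...
            throw new FailedLoginException("cannot verify signed challenge");
        }
    }
    public boolean commit() { if (verified != null) subject.getPrincipals().add(verified); return verified != null; }
    public boolean abort() { return logout(); }
    public boolean logout() { if (verified != null) subject.getPrincipals().remove(verified); verified = null; return true; }
}
```

The nonce has to be random, issued per login attempt and discarded after one use; if the signed data were fixed, a captured signature could be replayed.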