I am doing some testing of the JBoss 3.0.2 security, and have set up a web site to use the org.jboss.security.auth.spi.IdentityLoginModule JAAS module to always create a Subject containing the Principal named "Nick". I log on using an arbitrary name "Foo", which works just fine, as expected.
In the JSP page I can retrieve the Subject by the (non-standard) method of doing a JNDI lookup of "java:comp/env/security/subject", and that Subject contains the Principal "Nick", just as it should.
All is well so far. But when I ask for getUserPrincipal it returns "Foo". I thought the value returned by this was supposed to come from the Subject.
And just to check it really is a JBoss question, and not a Jetty problem, I tries getCallerPrincipal from inside an EJB and again received "Foo".