Right now, to add a new Security Realm to the JBoss server, we add an <application-policy> entry to the file login.config.xml. Instead, can we add this (or something similar) to one of the jboss*.xml deployment descriptors that are packaged with deployable archive files?

We would like to avoid changing configuration files when we deploy archive files that have special requirements for login.

Bill Alexander