> Where is the hook between JaasSecurityManager and
Well, i'm afraid there isn't. The integration between Jetty and JBoss (JBossUserRealm) creates its own principal object, because it must implement jetty's UserPrincipal interface.
I'm afraid this is hard to change because of the way security is implemented in Jetty.
Maybe, Greg or Jules can comment on this....
So it is not possible to create an application which uses a customized principle? To me that seems to be a big disadvantage to using JBoss. We have data which must be returned to out applications in the principle object. Without being able to do that, we cannot develop with JBoss, and we definately cannot use it in a production environment.
Currently we are able to to this using Weblogic.
BTW, I also tried this with JBoss/Tomcat with the same type os issue except that I get a SimplePrincipal instead of my custom principal.