You should do a JAAS login, using jboss' ClientLoginModule.
See http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=forums/ for more info.

Hth
Peter

The easiest way is to use the ClientLoginModule to login to JBoss before you do JNDI lookups.

Here's the code that needs to be in your app before you lookup the home interface and create off it:

CallbackHandler handler = new JBossUsernamePasswordCallbackHandler();
LoginContext lc = new LoginContext("other", handler);
lc.login();

JBossUsernamePasswordCallbackHandler is a class I made. You can write your own, but here's mine:

package com.cft.Simple;
import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.*;
import javax.security.auth.callback.UnsupportedCallbackException;

public class JBossUsernamePasswordCallbackHandler implements CallbackHandler {

/**
* @see javax.security.auth.callback.CallbackHandler#handle(Callback[])
*/
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {

for(int i=0;i<callbacks.length;i++) {
if(callbacks instanceof NameCallback) {
NameCallback nc = (NameCallback) callbacks;
nc.setName("alanw");
}
else if(callbacks instanceof PasswordCallback) {
PasswordCallback pc = (PasswordCallback) callbacks;
pc.setPassword("password".toCharArray());
}
else throw new UnsupportedCallbackException(callbacks, "Unrecognized Callback");
}

}

}

You will also need to point your client to an auth.conf on your file system that tells your client code how to login. Mine looks like this:

other{org.jboss.security.ClientLoginModule required;};

The easiest way to point to it is using the -D JVM option, something like:

-Djava.security.auth.login.config=C:\auth.conf

See the docs for more info.