I've been battling an issue for several weeks now that I can't figure out. I have a web app using Struts, JSPs, and EJBs. The whole thing is deployed as an EAR file into Jboss 3.2 RC2 with Jetty. The entire EAR is configured to use a secure domain, and I have a customized LoginModule for that domain to hook into our internal security systems.
Logging into the Web app works fine, but it appears that the credentials don't get passed to the EJB layer. The first call to my Facade Session Bean from the Struts Actions force the EJB laywer to call my LoginModule again. The problem with this is that we use the SecureID system from RSA, so the credentials that are available to the EJB layer have already been authenticated by the Web layer. I've turned on logging and see my LoginModule being called twice. How do I prevent this second call to the LoginModule.