Hi,
I am trying to call a secured ejb from a servlet (filter) that makes the web-authentication. Since the authentication is much more complex with the web-frontend, the ejb-authentication is only XMLLoginConfig.
From a standard client the login to the ejb works through standard login-Context generation. From the servlet (jetty) the exception is: principal=null.

Some code:

Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() ) ;
System.setProperty( "java.security.auth.login.config" , "META-INF/auth.conf" ) ;
String dbUserName = "user" ;
String dbPassword = "pwd" ;
UsernamePasswordHandler upwdHandler = new UsernamePasswordHandler( dbUserName , dbPassword ) ;
LoginContext loginContext = new LoginContext( "MDOSYSRealm" , upwdHandler ) ;
loginContext.login() ;
Context jndiContext = new InitialContext( );+
(...).

I don't know, if the auth.conf has any sense, but during testing I had the feeling, that it doesn't do anything, but must be there.
With the normal client it is:

MDOSYSLoginConfig {
org.jboss.security.ClientLoginModule optional ;
};

The servlet only tells me something if I put in there MDOSysRealm which is the Realm in the login-config.xml . However if I put in MDOSysLoginConfig jboss tells me that there is no MDOSysLoginConfig. I presume, that jetty directly works through the login-config.xml and does not do anything with the java.security.auth.login.config.

The deployment-descriptors all work (tested with external clients and server-server - two individual machines - communication).

Regards,

Dominic