I made one small change that gets me closer to my goal, I think. Since my jboss-web.xml security-domain entry was java:/jaas/sso-app, I realized that this line:
That now gets me the right JaasSecurityManager. However, I'm still unable to get a new Subject "pinned" in the JaasSecurityManager programmatically. I'm trying to get it to work using the JaasSecurityManager.isValid() method, so if I'm off base, let me know.
To close this out, logging in "under the covers" would have required modifications to some of the JBoss JAAS classes at the Thread mapping level. This diverted from a goal of not modifying the JBoss sources in ways that might create incompatibilities. The final solution was based on a variant of the method described in Java Developer's Journal August 2003 Issue 8 Volume 8 "Active Authentication".
Here is the URL to the article.
The article is good, but it seems to rely on 'redirects' rather than forwarding. Are there any disadvantages to this?
I'm having a similar problem. I have made a simple 'self registration' application where I want to add a new user, and if the user is successfully added, log them in. I guess I could just redirect using this scheme... hmmm.