I have implemented a customized LoginModule implementing "javax.security.auth.spi.LoginModule" because I'd like a portable LoginModule.
The authentication is correct but there's a problem in authorization because the "Roles" java.security.acl.Group needs "SimplePrincipal" instances. I've checked it in the method "doesRoleGroupHaveRole" of org.jboss.security.plugins.JaasSecurityManager class. Exactly, the problem is in the following line:
boolean isMember = userRoles.isMember(role);
because "role" is a SimplePrincipal but userRoles are not (they are a different implementation of Principal interface).
When the principal for the roles are "SimplePrincipal" instances, authentication and authorization works correctly, but then I need JBoss libraries (and the portability is a requisite).
Is there any solution for getting portability?. I think that this is the main objective of JAAS.