We've implemented a proprietary MVC framework that handles its own authentication using JAAS (Using neither Form, BASIC, Digest, etc auth). I'm having issues sharing authentication information with other web resources in a different web context for purposes of Single Sign On.
Fine, using the ClientLoginModule gets the Subject set in the SecurityAssociation object making it available to the JaasSecurityManager. However this appears not to be enough for the authenticated Subject to be available for authentication of other web resources. Now this is key for me because I have implemented login modules which once they have access to the Subject can extract a token to indicate that this Subject has been duly authenticated. Within the same context, access to this Subject is no problem because we simply share it using the HttpSession. Accross contexts however I can't do this. Does anyone have any ideas how I could go about this? I'm currently working with Jboss3.2.1, tomcat 4.1.24.