The company I'm working in is finally migrating from JBoss-2.4.4 to version 3.2.x. In the old version we've had a custom Tomcat Realm to process the authentication/authorization. With the newer version it was no problem to make the transition to a new custom module based on org.jboss.security.auth.spi.AbstractServerLoginModule.
The problem I'm facing is this:
in the old login module I was able to store some needed info in session as the current session was readily available as an input parameter for the tomcat realm. It seems that with the AbstractServerLoginModule-based custom module the session is not available at all. How should I proceed, any pointers, tutorials, code snippets?