I found very little info about JndiLoginInitialContextFactory.
I searched the docs, forum, wiki, tutorials, even google...
So except for the javadoc and the code itself, which I took a look at, does anyone have info regarding it's usage.
It seems that while using JndiLoginInitialContextFactory to propagate principals and credentials between the servlet container and the ejb container, JBoss still needs a loginmodule (<security-domain> in jboss.xml) for ejb method authorization otherwise it won't do any permission check.
So my second question is: if I only want ejb method permission check to be activated, which jboss login module should I use as <security-domain>, or should I write my own module (if so, what should it be roughly doing since I'm not interested in testing passwords at that level)?