We use a custom (JAAS) login module, which builds a custom prinicipal. When logging in as a remote client, everything works fine. The client-side JAAS login module communicates with the server-side login module, the login is performed and the prinicipal is authenticated against our own login-"domain-logic".
Now we would like to use the same server-side login module to authenticate and authorize a web client. The web client will run in tomcat embedded in the same JBoss instance.
How can we configure tomcat (embedded in JBoss) to use our login modules? We have the web application in the same security domain (in jboss-web.xml) as our ejb-application (in jboss.xml). We have an "application-policy" in the "login-context.xml". How does tomcat know which application-policy to apply and where will it store the subject the login context will provide?
Any help will be greatly appreciated!