I have a servlet that receives a non-SOAP XML message with authentication information in the message, and I need to establish a temporary security context to call a secured EJB.

What is the best method for doing this? The client is not able to call j_securitycheck.

Currently I'm creating a LoginContext, getting the Subject and invoking the EJB through a Subject.doAs call. So far I haven't been able to get this to work.