I'm writing a custom LoginModule, which raises a few questions:
1. Is it possible to package a custom LoginModule implementation on a per-application basis, or does it only work server-wide?
2. Assuming a server-wide LoginModule, is it possible to have a separate login-congig.xml per application? If so, what is its relationship to the server-wide login-config.xml (i.e. which one overrides that other one in the event of conflicts)?
3. Does a LoginModule implementation automatically have the necessary security clearance to use any restricted session beans (i.e. beans annotated with @RolesAllowed) and/or session bean methods? I ask this because I want my LoginModule implementation to use a stateless session bean to access login data.