I'm building a system where we use SSL client authentication to authenticate users accessing a web based system. We've developed a custom login module that figures out the roles of the user by looking up the details in their certificate in a database.

I want to unit-test my EJBs with JUnit or some such but now that I've enabled the login module I can no longer access them.

I tried using the ClientLoginModule and implementing a CallbackHandler that handle the ObjectCallback but ClientLoginModule doesn't seem to ask for this.

How do I get a certificate into the call? I don't care if it is a bit of a hack so long as I don't need to touch the server code to do it.