I'm new with JBoss and i'm trying to solve my problem that to create a custom login module that do this:
1) read two strings (username & roles) passed by Apache web server in http request header
2) doesn't execute any kind of authentication (Apache execute this task)
3) create principal with username & roles in session
I can read strings coming from Apache but I don't know how to create principal with those datas... could anybody help me giving some tips? Thanks...
What you are doing is something called as "Perimeter Security". Please take a look at how GenericHeaderAuthenticator is implemented. You will need to do something like it.