Hi

I've got big problem. There is the system on which I do work, it uses NTLM to autheticate the user. There is special authenticator - the same like NtlmHttpFilter from Jcifs, but not a servlet - a special class (which is derived from AuthenticationBase from tomcat jars) packaged as jar together with login module, which I use in my app. Login module is used to authorise the user - retrieves roles from database.
When user enteres the app url in the browser it is automatically logged in when she/he is logged in the domain. But when not - the browser shows the window to log in.
I need in my app the second way to authenticate and authorise the user - login and password should be matched with these from db. I wrote a special jsp and servlet to do that. I also wrote loginModule to log user from db. But how can I do authorisation - so that user roles are retrieved correctly?
Application uses ejb3 and user principal must be in the sessioncontext.
Is that possible?