I am using jaas security in our applicaiton. In our application both web and ejb tiers are in the same jvm. I am using Client Login and UserPassword Login module.
As i have read from jboss3.0 book, when we use the jboss client login module, It stores the user credential into the SecurityAssociation object and later when some method of secured ejb is invoked. The Security Manager uses the SecurityAssociation object to retrive information for this thread.
yes, so it works.