Based on my observation Tomcat, JBoss, Resin, Jetty, Weblogic just require the developer to just implement the JAAS APIs LoginModule to develop a custom realm.
I would like to avoid writing appserver specific code as much as I can in my workspace. Based on the docs:
<snip url="
https://glassfish.dev.java.net/javaee5/docs/DG/beabg.html#beabs">
Custom login modules must extend the com.sun.appserv.security.AppservPasswordLoginModule class. This class implements javax.security.auth.spi.LoginModule. Custom login modules must not implement LoginModule directly.
<snipt>
Any one has clue why Glassfish happens to be the only webcontainer that requires you to extend from a Glassfish proprietary class instead of letting the user directly implementing the JAAS API? Can this be considered a bug?
Also any reason why this class name keeps changing every release... SJS8.x SJS 7.x had a different class to extend from (I think).
[Message sent by forum member 'uppalapati' (uppalapati)]
http://forums.java.net/jive/thread.jspa?messageID=284243