If this has to be done in the loginmodule, then the protected member _subject of AppservPasswordLoginModule could be used :
_subject.getPublicCredentials().add("email");
To do this outside the realm/loginmodule in the calling application ,
SecurityContext.getCurrent().getSubject().getPublicCredentials().add("email")
could be used. However if this is used within the realm/loginModule before the authentication process is completed, the default security context with the read only Subject is returned and throws an error, which was originally observed..
HTH
Nithya
[Message sent by forum member 'nitkal' (nitkal)]
http://forums.java.net/jive/thread.jspa?messageID=336565