I was pointed to the following blog entry by a JBoss user that talks about the painful journey experienced by the user with various versions of JBoss until we added the very useful feature of Programmatic Web Login.
The blog entry from the user is:
Perform a JAAS programmatic login in Jboss - try to solve the “empty” remote user problem
I am all for having an active dialog with JBoss users in the blogosphere.
I invite users to subscribe to the "JBoss Security Beta Program" mailing list which is accessible at the Red Hat mailing lists here. This is a moderated no-spam mailing list, which provides an excellent communication platform between JBoss and its users (as far as security is concerned).