I have a general system question regarding LDAP, as I'm fairly new to that.
Basically I have a webapp on tomcat that works with a Jboss appserver.
Upon login, I now ask the appserver to verify, and it replies with a token object (so a completely custom system).
Now I want to start using role-based security, with things like isUserInRole().
I think I need to re-configure tomcat and jboss for form-based auth, but beyond that I'm stuck.
What kind of realm do I need to configure, and how will the credentials be known by the webserver and the appserver then?