I'm having some trouble that might be related to this message.
I'm working on using JaasAuthenticationProvider to have jaas(indeed SRP) login to a jboss application with Acegi. Looking at authenticate() in JaasAuthenticationProvider:
loginContext.login() method in turns call Configuration.getConfiguration().
LoginContext loginContext = new LoginContext(loginContextName,
//Attempt to login the user, the LoginContext will call our InternalCallbackHandler at this point.
Then jboss's XMLLoginConfigImpl which implements Configuration is the configuration that's returned. And as a result, login-config.xml is the file the application looks for configuration information. And regardless of what loginConfig property i set in the bean, login-config.xml is being used. Am I supposed to write my own version of configuration and override loadConfig() method if i don't want this default behavior?