SourceForge Submitter: rrhodes .
The CallerIdentityLoginModule throws a
SecurityException when it tries to get the login
information from a web application. I have verified that
it throws an Exception when SimpleServerLoginModule,
DatabaseServerLoginModule, or my own custom login
module are used for authentication of the web
application. I'm using jboss v3.2.6

The real exception is a ClassCastException, but the
caller login module is catching it and rethrowing
SecurityException.

On line 122 of CallerIdentityLoginModule, it has:
password = (char[]) o;

This needs to be changed to:
String pass = (String) o;
password = pass.toCharArray();

I'm uploading my file with the change.

thanks,
Ryan Rhodes