I've installed a JASPIC (JASPI/JSR 196) SAM (login module) in JBoss EAP 6.01. It works and is invoked whenever a protected resource is accessed.
However, when I call HttpServletRequest#login it's NOT invoked, and JBoss instead invokes the default file realm login module.
Any rationale for this behavior?