I have a similar problem. My login module resides in a JAR within the EAR's lib folder. It can be configured with a JNDI name and then invokes a session bean to perform the authentication task (it is somewhat complex because there a license manager involved). The login module gets called but the user name and the password are random UUIDs. I just want to know if I understand the problem described here correctly and if my problem could be just another incarnation of the same problem...
BTW and off-topic: is this the correct approach if the login process is very complex and depends from entities and other services...?