I have this code to create a configuration of a java client to connect to a JBoss application server:

System.setProperty( "java.security.auth.login.config", "auth.conf" );
LoginContext auth = new LoginContext( "myAuth", 
    new LoginCallbackHandler( username, password ) );
auth.login();

The file auth.conf contains the following lines:

myAuth {
    org.jboss.security.ClientLoginModule required;
};

Now, somewhere else in the code (the LoginContext auth isn't known there) I have an EJB that does a initialContext.lookup( jndiName ) and a narrow() to access a Bean on the JBoss application server. This narrow only succeeds if the login information of the first step was correct.

Question

How does the login information propagate from the LoginContext to the narrow()? I don't see any connection between these two places.

And further, how could I do two or more different logins inside of one client?

I found a nice explanation in the JBoss documentation (chapter 8.4.1):

The login() call only binds the name and password to the JBoss EJB layer of the client. All subsequent EJB calls will use these credentials and pass them to the called EJB method.