Hi everyone,
I am not sure if this is the right forum for asking such a question but since Hibernate is involved, I dare to ask the question. If this is not the right forum, please let me know where to ask the question instead:

I have a web application using JPA with Hibernate being the JPA implementation. All the libraries are contained in the application itself, thus they are not available to other web application running on the same server (Tomcat 6).

Now I want to secure the application by using a custom JAAS LoginModule which should query the database to check the user's credentials. This communication should happen by using JPA as well as it is used in the application itself. Following several tutorials I have wrote my own LoginModule and all the related and required files. The LoginModule should get the EntityManager and query the database. Testing the classes as a standalone project worked the way it should.

As soon as I put the JAR file with all the JAAS and JPA related stuff into the servers 'lib' directory, the whole JAAS thing does not work anymore.

First I have put all the required libraries into the JAAS JAR file as I have done with the web application. This may have been a mistake since calling the LoginModule via the server ended up in a ClassCastException:

[...]
Caused by: java.lang.ClassCastException: org.hibernate.ejb.HibernatePersistence
at javax.persistence.Persistence.findAllProviders(Persistence.java:79)
at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:48)
at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:33)

I thought that this might relate to different class loaders. The JAAS JAR file might have been loaded by the standard class loader while the web application having the same library (resp. class) inside most likely has been loaded by the web app class loader.

Following this assumption I thought it might be clever to put all the required libraries into the server's lib directory so that they are shared among all applications. This worked at first since the error mentioned aforehand did not occur anymore.
But now I have a different problem. The persistence layer throws an exception telling that the entity (class) which I try to retrieve from the database using the JAAS login module is not registered within the persistence.xml file. Concerning the persistence.xml file in the JAAS JAR file, this statement is wrong since the class is registered there. Concerning the persistence.xml file in the web application, this is right, since I don't need it there.

I gave it a try and registered the entity in the web app's persistence.xml and was surprised that the persistence layer was able to complete one more tiny step - it was able to query the database. Nonetheless it failed in instanciating the entity's class with a ClassCastException which again might be related to the same class once being load by the webappclassloader (since the class is part of the application) and once being load by the standard class loader which loads all the server libraries.

Just to give you some more information: I have tried to use both persistence units with equal names as well as with different ones.

Could anyone give me an advice how to structure this scenario or how to avoid these errors. It is essential to implement against the JPA and I favour providing the required libraries in the applications JAR/WAR instead of sharing all the libraries among all web application.

Lots of thanks in advance,
Florian