Valid JSR-196 ServerAuthModule not called when activating alternative JACC Policy
I want to use my own ServerAuthModule as well my own JACC Policy implementation in glassfish 188.8.131.52.
The ServerAuthModule is working perfectly when the JACC setting is default.
But when I activate my own JACC policy via server-config > Security > JACC Providers, the ServerAuthModule is not called any more.
Not even the constructor of the ServerAuthModule is called.
The implementations follow the Oracle tutorial for implementing a custom SAM, the JSR-196 spec and the JSR-115 spec.
The SAM is configured in glassfish via server-config > Security > Message Security > HttpServlet.
The provider id is then used in sun-web.xml and glassfish-web.xml to activate it for the war.
The deployment is an ear with many ejb-modules inside and a war containing rest-services.
What piece am I missing to get it working correctly?