getting
diff --git a/‎jacc/contexts/pom.xml
+24 b/‎jacc/contexts/pom.xml
+24
diff --git a/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/bean/JaccRequestBean.java
+27 b/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/bean/JaccRequestBean.java
+27
diff --git a/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/sam/SamAutoRegistrationListener.java
+22 b/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/sam/SamAutoRegistrationListener.java
+22
diff --git a/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/sam/TestServerAuthModule.java
+95 b/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/sam/TestServerAuthModule.java
+95
diff --git a/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/servlet/RequestServlet.java
+49 b/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/servlet/RequestServlet.java
+49
diff --git a/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/servlet/RequestServletEJB.java
+52 b/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/servlet/RequestServletEJB.java
+52
diff --git a/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/servlet/SubjectServlet.java
+96 b/‎jacc/contexts/src/main/java/org/javaee7/jacc/contexts/servlet/SubjectServlet.java
+96
diff --git a/‎jacc/contexts/src/main/webapp/WEB-INF/glassfish-web.xml
+12 b/‎jacc/contexts/src/main/webapp/WEB-INF/glassfish-web.xml
+12
diff --git a/‎jacc/contexts/src/main/webapp/WEB-INF/jboss-web.xml
+5 b/‎jacc/contexts/src/main/webapp/WEB-INF/jboss-web.xml
+5
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.javaee7.jacc</groupId>
+        <artifactId>jacc-samples</artifactId>
+        <version>1.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>contexts</artifactId>
+    <packaging>war</packaging>
+    
+     <dependencies>
+        <dependency>
+            <groupId>org.javaee7.jaspic</groupId>
+            <artifactId>common</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+    </dependencies>
+
+</project>
@@ -0,0 +1,27 @@
+package org.javaee7.jacc.contexts.bean;
+
+import javax.ejb.Stateless;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * 
+ * @author Arjan Tijms
+ *
+ */
+@Stateless
+public class JaccRequestBean {
+
+    public HttpServletRequest getRequest() throws PolicyContextException {
+        return (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
+    }
+    
+    public boolean hasAttribute() throws PolicyContextException {
+        return "true".equals(getRequest().getAttribute("jaccTest"));
+    }
+    
+    public boolean hasParameter() throws PolicyContextException {
+        return "true".equals(getRequest().getParameter("jacc_test"));
+    }
+}
@@ -0,0 +1,22 @@
+package org.javaee7.jacc.contexts.sam;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.annotation.WebListener;
+
+import org.javaee7.jaspic.common.BaseServletContextListener;
+import org.javaee7.jaspic.common.JaspicUtils;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebListener
+public class SamAutoRegistrationListener extends BaseServletContextListener {
+
+    @Override
+    public void contextInitialized(ServletContextEvent sce) {
+        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+    }
+
+}
@@ -0,0 +1,95 @@
+package org.javaee7.jacc.contexts.sam;
+
+import static javax.security.auth.message.AuthStatus.SEND_SUCCESS;
+import static javax.security.auth.message.AuthStatus.SUCCESS;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Very basic SAM that returns a single hardcoded user named "test" with role "architect" when the request parameter
+ * <code>doLogin</code> is present.
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+public class TestServerAuthModule implements ServerAuthModule {
+
+    private CallbackHandler handler;
+    private Class<?>[] supportedMessageTypes = new Class[] { HttpServletRequest.class, HttpServletResponse.class };
+
+    @Override
+    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler,
+            @SuppressWarnings("rawtypes") Map options) throws AuthException {
+        this.handler = handler;
+    }
+
+    @Override
+    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
+            throws AuthException {
+
+        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+
+        Callback[] callbacks;
+
+        if (request.getParameter("doLogin") != null) {
+
+            // For the test perform a login by directly "returning" the details of the authenticated user.
+            // Normally credentials would be checked and the details fetched from some repository
+
+            callbacks = new Callback[] { 
+                // The name of the authenticated user
+                new CallerPrincipalCallback(clientSubject, "test"), 
+                // the roles of the authenticated user
+                new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) 
+            };
+        } else {
+
+            // The JASPIC protocol for "do nothing"
+            callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
+        }
+
+        try {
+
+            // Communicate the details of the authenticated user to the container. In many
+            // cases the handler will just store the details and the container will actually handle
+            // the login after we return from this method.
+            handler.handle(callbacks);
+
+        } catch (IOException | UnsupportedCallbackException e) {
+            throw (AuthException) new AuthException().initCause(e);
+        }
+
+        return SUCCESS;
+    }
+
+    @Override
+    public Class<?>[] getSupportedMessageTypes() {
+        return supportedMessageTypes;
+    }
+
+    @Override
+    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
+        return SEND_SUCCESS;
+    }
+
+    @Override
+    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
+
+    }
+}
@@ -0,0 +1,49 @@
+package org.javaee7.jacc.contexts.servlet;
+
+import java.io.IOException;
+
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebServlet(urlPatterns = "/requestServlet")
+public class RequestServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+        request.setAttribute("jaccTest", "true");
+        
+        try {
+            HttpServletRequest requestFromPolicy = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
+            
+            if (requestFromPolicy != null) {
+                response.getWriter().print("Obtained request from context.");
+                
+                if ("true".equals(requestFromPolicy.getAttribute("jaccTest"))) {
+                    response.getWriter().print("Attribute present in request from context.");
+                }
+                
+                if ("true".equals(requestFromPolicy.getParameter("jacc_test"))) {
+                    response.getWriter().print("Request parameter present in request from context.");
+                }
+                
+            }
+        } catch (PolicyContextException e) {
+            e.printStackTrace(response.getWriter());
+        }
+
+    }
+
+}
@@ -0,0 +1,52 @@
+package org.javaee7.jacc.contexts.servlet;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.security.jacc.PolicyContextException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.javaee7.jacc.contexts.bean.JaccRequestBean;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebServlet(urlPatterns = "/requestServletEJB")
+public class RequestServletEJB extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+    
+    @Inject
+    private JaccRequestBean jaccRequestBean;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+        request.setAttribute("jaccTest", "true");
+        
+        try {
+            if (jaccRequestBean.getRequest() != null) {
+                response.getWriter().print("Obtained request from context.");
+                
+                if (jaccRequestBean.hasAttribute()) {
+                    response.getWriter().print("Attribute present in request from context.");
+                }
+                
+                if (jaccRequestBean.hasParameter()) {
+                    response.getWriter().print("Request parameter present in request from context.");
+                }
+                
+            }
+        } catch (PolicyContextException e) {
+            e.printStackTrace(response.getWriter());
+        }
+
+    }
+
+}
@@ -0,0 +1,96 @@
+package org.javaee7.jacc.contexts.servlet;
+
+import static java.security.Policy.getPolicy;
+import static java.util.Collections.list;
+
+import java.io.IOException;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Principal;
+import java.security.ProtectionDomain;
+import java.security.cert.Certificate;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.WebRoleRefPermission;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * This Servlet demonstrates both how to obtain the Subject and then how to retrieve the roles from
+ * this Subject.
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebServlet(urlPatterns = "/subjectServlet")
+public class SubjectServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        
+        try {
+            Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
+            
+            if (subject != null) {
+                response.getWriter().print("Obtained subject from context.\n");
+
+                // Get the permissions associated with the Subject we obtained
+                PermissionCollection permissionCollection = getPermissionCollection(subject);
+                
+                // Resolve any potentially unresolved permissions
+                permissionCollection.implies(new WebRoleRefPermission("", "nothing"));
+                
+                // Filter just the roles from all the permissions, which may include things like 
+                // java.net.SocketPermission, java.io.FilePermission, and obtain the actual role names.
+                Set<String> roles = filterRoles(request, permissionCollection);
+                
+               for (String role : roles) {
+                   response.getWriter().print("User has role " + role + "\n");
+               }
+            }
+        } catch (PolicyContextException e) {
+            e.printStackTrace(response.getWriter());
+        }
+    }
+    
+    private PermissionCollection getPermissionCollection(Subject subject) {
+        return getPolicy().getPermissions(
+            new ProtectionDomain(
+                new CodeSource(null, (Certificate[]) null), 
+                null, null, 
+                subject.getPrincipals().toArray(new Principal[subject.getPrincipals().size()])
+            )
+        );
+    }
+    
+   private Set<String> filterRoles(HttpServletRequest request, PermissionCollection permissionCollection) {
+       Set<String> roles = new HashSet<>();
+       for (Permission permission : list(permissionCollection.elements())) {
+           if (permission instanceof WebRoleRefPermission) {
+               String role = permission.getActions();
+               
+               // Note that the WebRoleRefPermission is given for every Servlet in the application, even when
+               // no role refs are used anywhere. This will also include Servlets like the default servlet and the
+               // implicit JSP servlet. So if there are 2 application roles, and 3 application servlets, then 
+               // at least 6 WebRoleRefPermission elements will be present in the collection.
+               if (!roles.contains(role) && request.isUserInRole(role)) {
+                   roles.add(role);
+               }
+           }
+       }
+       
+       return roles;
+   }
+    
+
+}
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+<glassfish-web-app>
+
+    <security-role-mapping>
+        <role-name>architect</role-name>
+        <group-name>architect</group-name>
+    </security-role-mapping>
+
+    <parameter-encoding default-charset="UTF-8" />
+
+</glassfish-web-app>
@@ -0,0 +1,5 @@
+<?xml version="1.0"?>
+
+<jboss-web>
+    <security-domain>jaspitest</security-domain>
+</jboss-web>