The DatabaseCertLoginModule is an extension of BaseCertLoginModule that uses a database table to store role information. This works just like the DatabaseServerLoginModule, only without principals query. In fact, all the role handling code was borrowed directly from that class.

The supported login module configuration options include the following:

• securityDomain - the name of the SecurityDomain to obtain the trust and keystore from.

• verifier (4.0.2+) - the class name of the org.jboss.security.auth.certs.X509CertificateVerifier to use for verification of the login certificate

• dsJndiName: The name of the DataSource of the database containing the Principals and Roles tables

• rolesQuery: The prepared statement query, equivalent to:

"select Role, RoleGroup from Roles where PrincipalID=?"

Note: Value of RoleGroup column always has to be Roles. This is specific to JBoss.