I have a merely simple web-service under jboss4.0.0 and now moving it on 4.0.2. this is the part of my login-config.xml:
<application-policy name = "JBossWS"> <authentication> <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module-option name = "dsJndiName">java:/OracleDS</module-option> <module-option name = "principalsQuery">SELECT PASS FROM trate.dilers_auth WHERE LOGIN=?</module-option> <module-option name = "rolesQuery">SELECT role,'Roles' FROM WS_USERROLES WHERE USERNAME=?</module-option> </login-module> </authentication> </application-policy>
Everything is ok. I have found an answer in the source of org.jboss.webservice.handler.ClientLoginHandler.