I can autorize a user based in his roles.

But i cant obtain the list of his roles !!!!!!!

This is my login-config.xml

<application-policy name="databasePolicy">

<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDS</module-option>
<module-option name="dsJndiName">java:OracleDS</module-option>
<module-option name="principalsQuery">Select Password from Principals where PrincipalID =?</module-option>
<module-option name="rolesQuery">Select Role Roles, RoleGroup RoleGroups from Roles where PrincipalID =?</module-option>
</login-module>

</application-policy>

and code:

SecurityAssociationHandler handler = new SecurityAssociationHandler();

SimplePrincipal user = new SimplePrincipal(userName);
handler.setSecurityInfo(user, password.toCharArray());
lc = new LoginContext("databasePolicy", handler);
lc.login();
subject = lc.getSubject();
} catch (javax.security.auth.login.LoginException e) {
throw new LoginException(ExceptionConstants.SECURITY_LOGIN, e.getCause());
} catch (Throwable e) {
throw new ProgramException(e);
}

thats ok, CAN I GET THE ROLES OF THE USER ("userName") ???????