I have an EJB client app and an EAR on the server, and the following snippet added to the server's login-config.xml:
<application-policy name = "myapp"> <authentication> <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module-option name = "dsJndiName">java:/MyappDS</module-option> <module-option name = "principalsQuery">SELECT password FROM employee WHERE id=?</module-option> <module-option name = "rolesQuery">SELECT accessLevel, 'Roles' FROM employee WHERE id=?</module-option> </login-module> </authentication> </application-policy>