configure jaas database module for webapp within tomcat in jboss
sbadrinath Aug 24, 2010 3:56 PM
I am using JBoss 4.2.3. I have a webapp with my own db schema containing users, roles. I configured the catalina jdbc realm in the default/deploy/jboss-web.deployer/server.xml as follows:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://....."
userTable="USERS" userNameCol="UserName" userCredCol="UserPasswd"
userRoleTable="USER_ROLE_XREF" roleNameCol="RoleName"/>
In my web.xml I have the FORM based auth-mode in login-config and the appropriate login/error pages configured.
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/LoginFailed.jsp?failed=true</form-error-page>
</form-login-config>
Now, the authentication seems to work, though I get ClassCastExceptions:
2010-08-24 15:20:35,220 DEBUG [org.jboss.web.tomcat.security.SecurityAssociationValve] Failed to determine servlet
java.lang.ClassCastException: org.apache.catalina.realm.GenericPrincipal cannot be cast to org.jboss.web.tomcat.security.JBossGenericPrincipal
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:146)
I have checked on the JBoss forums as well as numerous posts online related to this and they mention using a custom login module or built in jboss module.
So, after reading ch8 (security) of the jboss docs http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html
I decided to use the built in
org.jboss.security.auth.spi.DatabaseServerLoginModule
and configured an entry for my webapp in default/conf/login-config.xml as follows
<application-policy name = "mywebapp">
<authentication>
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name = "unauthenticatedIdentity">guest</module-option>
<module-option name = "dsJndiName">java:/myds</module-option>
<module-option name = "principalsQuery">SELECT USERPASSWD FROM USERS WHERE USERNAME=?</module-option>
<module-option name = "rolesQuery">SELECT ROLENAME, 'Roles' FROM USER_ROLE_XREF WHERE USERNAME=?</module-option>
</login-module>
</authentication>
</application-policy>
In my webapp, along with the web.xml, I created a jboss-web.xml with the name of the security-domain configured as mywebapp.
<jboss-web>
<security-domain>java:/jaas/mywebapp</security-domain>
</jboss-web>
Now, when I try to login, I get the following error in the server.log where it tries to use UserRoleLoginModule and complains about not finding user.properties
as well as role.properties.
2010-08-24 15:54:08,373 WARN [org.apache.catalina.realm.JAASRealm] Login exception authenticating username "admin"
javax.security.auth.login.LoginException: Missing users.properties file.
at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:148)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:361)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Unknown Source)
Ideally, the tomcat jdbc realm shouldn't give a ClassCastException, as that realm works in the standalone tomcat env.
What am I missing?
Thanks in advance!
Shyam
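
Added example, not part of the original post: a Python check that resolves the security-domain from jboss-web.xml against the application-policy entries in login-config.xml and reports which login modules would actually run. The sample XML is constructed from the post's snippets; the "other" policy and the fallback to it reflect JBoss AS 4.x defaults, and resolve_domain is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"

# Constructed samples modelled on the post's two files. The "other" policy
# mirrors the default fallback entry shipped in JBoss AS 4.x login-config.xml.
LOGIN_CONFIG = """<policy>
  <application-policy name="mywebapp">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="dsJndiName">java:/myds</module-option>
        <module-option name="principalsQuery">SELECT USERPASSWD FROM USERS WHERE USERNAME=?</module-option>
        <module-option name="rolesQuery">SELECT ROLENAME, 'Roles' FROM USER_ROLE_XREF WHERE USERNAME=?</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <application-policy name="other">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>"""
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/mywebapp</security-domain></jboss-web>"


def resolve_domain(jboss_web_xml, login_config_xml):
    """Return (domain, policy_used, login_module_classes, warnings)."""
    warnings = []
    node = ET.fromstring(jboss_web_xml).find("security-domain")
    if node is None or not (node.text or "").strip():
        return None, None, [], ["no <security-domain> in jboss-web.xml"]
    domain = node.text.strip()
    if domain.startswith(JAAS_PREFIX):
        domain = domain[len(JAAS_PREFIX):]
    else:
        warnings.append("security-domain lacks the java:/jaas/ prefix")
    # A malformed login-config.xml raises ParseError here, which is itself a finding.
    root = ET.fromstring(login_config_xml)
    policies = {p.get("name"): p for p in root.iter("application-policy")}
    # JBoss AS 4.x uses the policy named "other" when no entry matches the domain.
    used = domain if domain in policies else "other"
    if used != domain:
        warnings.append("no application-policy named %r; falls back to 'other'" % domain)
    policy = policies.get(used)
    modules = [m.get("code") for m in policy.iter("login-module")] if policy is not None else []
    return domain, used, modules, warnings
```

A result whose policy_used is "other" means the UsersRolesLoginModule entry would handle the login instead of the database module, so the name in jboss-web.xml and the policy name in the login-config.xml the server actually loaded should be compared first.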