0 Replies Latest reply on Feb 6, 2007 5:05 PM by atamur

    security problem after migrating to ejb3

    atamur

      migrated project to ejb3
      looks like it won't take my security domain, because it uses UsernamePasswordLoginModule instead of my custom one =|
      although during deployment it says it will take db_store as sec. domain (last listing)

      my bean

      @Stateless(name = "UserEJB")
      @Remote(User.class)
      @TransactionManagement
      @SecurityDomain("db_store")
      public class UserBean implements User {
      ...
       @TransactionAttribute(TransactionAttributeType.SUPPORTS)
       @PermitAll
       public void create() throws CreateException {
       }
      }


      my security domain
      <application-policy name="db_store">
        <authentication>
          <login-module code="ru.***.PermLoginModule" flag="sufficient">
            <module-option name="dsJndiName">
              DS/Standard
            </module-option>
            <module-option name="principalsQuery">
              SELECT pml_secret FROM permanentlogin p JOIN users u ON (p.usr_id = u.usr_id) WHERE usr_login = ? AND p.pml_secret = ? AND usr_isdeleted = 0
            </module-option>
            <module-option name="rolesQuery">
              SELECT 'CommonUser', 'Roles' FROM users WHERE usr_login = ? AND usr_isdeleted = 0
            </module-option>
            <module-option name="ignorePasswordCase">false</module-option>
            <module-option name="unauthenticatedIdentity">nobody</module-option>
          </login-module>

          <login-module code="ru.***.SCLoginModule" flag="required">
            <module-option name="dsJndiName">
              DS/Standard
            </module-option>
            <module-option name="principalsQuery">
              SELECT usr_password FROM users WHERE usr_login = ? AND usr_isdeleted = 0
            </module-option>
            <module-option name="rolesQuery">
              SELECT 'CommonUser', 'Roles' FROM users WHERE usr_login = ? AND usr_isdeleted = 0
            </module-option>
            <module-option name="ignorePasswordCase">false</module-option>
            <module-option name="unauthenticatedIdentity">nobody</module-option>
          </login-module>
        </authentication>
      </application-policy>


      my exception:
      javax.ejb.EJBAccessException: Authentication failure
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:70)
       at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:263)
       at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:58)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:102)
       at $Proxy595281.create(Unknown Source)
       at ru.***.ejb.BeanHelper.getUserBean(BeanHelper.java:154)
       ... 21 more
      Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      


      deployment:
      2007-02-07 00:50:32,023 DEBUG [Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to ru.***.ejb.main.user.UserBean SecurityDomainImpl[value=java:/jaas/db_store, unauthenticatedPrincipal=null]
      2007-02-07 00:50:32,023 DEBUG [Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to ru.***.ejb.main.user.UserBean SecurityDomainImpl[value=java:/jaas/db_store, unauthenticatedPrincipal=null]
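
A triage check for the symptom described in this post, as an added example (not the poster's code and not part of JBoss): it reads the login-module classes declared for a security domain and compares them with the module that actually appears in the "Caused by" part of the trace. The reduced policy XML is constructed from the post's listing, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the post's policy reduced to its login-module entries.
POLICY_XML = """\
<policy>
  <application-policy name="db_store">
    <authentication>
      <login-module code="ru.***.PermLoginModule" flag="sufficient"/>
      <login-module code="ru.***.SCLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>
"""

# The "Caused by" part of the stack trace quoted in the post.
TRACE = """\
Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
 at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
 at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
"""

LOGIN_FRAME = re.compile(r"^\s*at\s+(\S+)\.login\(")

def configured_modules(policy_xml, domain):
    # Login-module classes declared for one application-policy, in file order.
    for policy in ET.fromstring(policy_xml).iter("application-policy"):
        if policy.get("name") == domain:
            return [m.get("code") for m in policy.iter("login-module")]
    return []  # the domain is not declared in this file

def module_that_ran(trace):
    # Inner login() frames are superclass calls; the login() frame nearest the
    # reflective call is the class the JAAS LoginContext instantiated.
    found = None
    for line in trace[max(trace.rfind("Caused by:"), 0):].splitlines():
        m = LOGIN_FRAME.match(line)
        if m:
            found = m.group(1)
        elif found:
            break  # left the run of consecutive login() frames
    return found

def check_domain(policy_xml, domain, trace):
    # Returns (ran, configured, ok); ok is False when a foreign module ran.
    ran, configured = module_that_ran(trace), configured_modules(policy_xml, domain)
    return ran, configured, ran in configured
```

For the trace in the post this reports org.jboss.security.auth.spi.UsersRolesLoginModule, which is not one of the two modules declared under db_store.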