I'm trying to set up jbpm 3.2.6.sp1. I've got everything deploying fine, but I can't login to the jbpm-console. It took me a while to track down how I'm supposed to populate my JBPM_ID_USER, JBPM_ID_GROUP, and JBPM_ID_MEMBERSHIP tables with some sample data (why isn't this described in the User Manual?), but whenever I try to login as "user/user", I get the following error:

2009-04-10 13:20:08,485 ERROR [org.apache.catalina.realm.JAASRealm] Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for jboss.web
at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
at javax.security.auth.login.LoginContext.(LoginContext.java:403)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:344)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)

I also enabled trace logging for org.jboss.security, and see this output right before the error message:

2009-04-10 13:20:05,509 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(jboss.web), size=1
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(jboss.web), no entry in appConfigs, tyring parentCont: null
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(jboss.web), no entry in parentConfig, trying: other
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(jboss.web), failed to find entry
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(other), size=1
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(other), no entry in appConfigs, tyring parentCont: null
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(other), no entry in parentConfig, trying: other
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(other), failed to find entry

I don't have an "other" entry in my login-config.xml, but I do have this entry:

<application-policy name="jbpm-console">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/JbpmDS</module-option>
<module-option name="principalsQuery">
SELECT PASSWORD_ FROM JBPM_ID_USER WHERE NAME_=?
</module-option>
<module-option name="rolesQuery">
SELECT g.NAME_ ,'Roles'
FROM JBPM_ID_USER u,
JBPM_ID_MEMBERSHIP m,
JBPM_ID_GROUP g
WHERE g.TYPE_='security-role'
AND m.GROUP_ = g.ID_
AND m.USER_ = u.ID_
AND u.NAME_=?
</module-option>
</login-module>
</application-policy>

everything else is just vanilla out-of-the-box unchanged configuration. WEB-INF/jboss-web.xml has
<security-domain>java:/jaas/jbpm-console</security-domain>
which looks like it should be using the "jbpm-console" application policy, but it doesn't seem to be.

I tried copying the jbpm-console application policy to ones named "other" and "jboss.web", but I get the same error message.

Can anyone offer any suggestions? I'm amazed that jbpm is so difficult to get working with a fresh installation.