I don't know if i understood corectly, but i think you have to set "sufficient" for both login-modules
If the first one succeed the second won't be invoke
If the first one fails the second module will be invoked
if second fails login is denied
Thanks for your reply, yes what you say makes sense however from the security subsystem XSD I can read that with Required:
"Required - The LoginModule is required to succeed. If it succeeds or fails, authentication still continues to proceed down the LoginModule list."
So I'm not sure what is the best option for my case, Required or Sufficient.
>I don't know if i understood corectly, but i think you have to set "sufficient" for both login-modules
My need is that if the database is unavailable, the authentication will be checked on the filesystem using the RealmDirect, but just as second option.
i think if you choose "sufficient" for both login-modules, it will work as you need,
but you may get ugly exceptions while database-login-module crashes cause database isn't available
as second step you may write an own database-loginmodule that inherit from jboss databaseLoginModule and precheck availabilty of database
if database is not available you could silently return false in login() method and log custom messages