I am working on a web application, hosted on a JBoss AS 7.1.1, which will be used by users from two different companies.

In order to authenticate, besides username and password, users must provide the company they belong to.
And, according to the company, the authentication will be against a database or against an Active Directory server.

I have a LdapExtLoginModule to authenticate against the Active Directory server:

<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
   <module-option name="java.naming.provider.url">ldap://ldaphost:389</module-option>
   <module-option name="bindDN">searchuser</module-option>
   <module-option name="bindCredential">password</module-option>
   <module-option name="baseCtxDN">CN=Users,DC=example,DC=com</module-option>
   <module-option name="baseFilter">(sAMAccountName={0})</module-option>
   <module-option name="rolesCtxDN">CN=Users,DC=example,DC=com</module-option>
   <module-option name="roleFilter">(member={1})</module-option>
   <module-option name="roleAttributeID">CN</module-option>
   <module-option name="roleAttributeIsDN">false</module-option>
   <module-option name="roleRecursion">2</module-option>
   <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
   <module-option name="allowEmptyPasswords">false</module-option>
</login-module>

And a DatabaseServerLoginModule to authenticate against the database:

<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
   <module-option name="unauthenticatedIdentity" value="guest"/>
   <module-option name="dsJndiName" value="java:/my-ds"/>
   <module-option name="principalsQuery" value="SELECT password FROM users WHERE username = ?"/>
   <module-option name="rolesQuery" value="SELECT DISTINCT role_id, 'Roles' FROM roles WHERE username = ?"/>
</login-module>

According to the company the user provided, how can I manage the authentication and select the properly login module? Thanks for helping.

This question was also asked on StackOverflow.