I looked through the web and found out how to setup form based authentication, it took a little trying, so I thought I would post my results in how I setup form based authentication.
in the login-config.xml I left basically the same, used the default "other" setting which was at the bottom of the login-config.xml file.
<application-policy name = "other">
<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
I used the jboss-web.xml to look at the configuration of "other" in login-config.xml
made a text file to hold my users, passwords and roles, users.properties and roles.properties.
then in my web.xml file I declared my <security-constraint> and my <login-config>
I then setup my /login.html page
and that did it. I hope this helps.