Do you mean org.jboss.security.auth.spi.AbstractServerLoginModule ?
Yes that is what I meant :-) Why should I *have to* extend that or one of its subclasses ? Why can't i just extend javax.security.auth.spi.LoginModule and stick to pure JAAS (that can be used in a different EJB container) rather than JBoss JAAS (that can't) ?
Who said that you 'have' to? You can just create your own class that implements LoginModule...
Well all documentation suggests this (the JAAS howto doc for starters), and many posts on this forum suggest this.
I had already implemented my own LoginModule extending javax.security.auth.spi.LoginModule. I put it in a JAR and put it in $JBOSS_HOME/server/default/lib/. I then reference it in $JBOSS_HOME/server/default/conf/login-config.xml for a web application, as follows
<login-module code="mydomain.JAAS.DBLoginModule" flag="required" -->
SELECT Password FROM User WHERE Username=?</module-option>
SELECT Role, 'Roles' FROM UserRole WHERE Username=?</module-option>
When I try to log in I get
2003-08-08 06:07:06,828 DEBUG [org.jboss.security.plugins.JaasSecurityManager.MyDBRealm] Login failure
javax.security.auth.login.LoginException: No LoginModules configured for MyDBRealm
How do these LoginModule's get configured for use in JBoss ?
If I swapped the login-module above for JBoss's DatabaseServerLoginModule it works - however I don't want to do that :-(
I can only interpret the lack of a response here as acceptance that I have to extend the JBoss jaas AbstractServerLoginModule - the comments in the source file for that module implies it also. It would be nice to have that confirmed or otherwise - surely someone has an example of *not* extending the JBoss base LoginModule and its use in JBoss ?
Hmm... I don't quite see how not gettting a response during a weekend any acceptance of that at all - some of us get out and about at w/e's.
I suggest you debug your code a little... Is your login module getting instantiated and initialised for instance.