I'm writing an application that I plan on securing with JAAS. The application's user will be authenticating/authorizing against a SQL database. I need a bit more functionality than provided by org.jboss.security.auth.spi.DatabaseServerLoginModule.
Is it workable to extend DatabaseServerLoginModule and distribute it with my application? If so, will the standard conf/login-config, web.xml, jboss-web.xml scheme still work even though the module code is in a different package? On the other hand, is it considered best practice to implment LoginModule myself and if so, how will the http invoker know to execute this code?