The DatabaseServerLoginModule never hashes usernames so you need to look into where the bogus name is coming from at the app layer.
Is there a way to see what is being passed through the JAAS classes, or to get at the values? I turned the logging for security to debug. Is there any other way to test this stuff? I am not sure what is being returned from the rolesQuery.
Most detailed security logging requires trace level configuration.
<category name="org.jboss.security">
    <priority value="TRACE" class="org.jboss.logging.XLevel"/>
</category>
Other than that, get a debugger and the source.
Enabling trace helped me find the problem.
Here is the return of the getUserRoles during the problem:
Principal: Roles(members:safetyAppUser ,HttpInvoker )
Notice the white space after the role name.
The database column that I was pulling these from was a char(30) column, so I changed it to a varchar(30) and the query returned the following:
Thanks for all of the help.
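
As an added example (not from the thread and not JBoss's own configuration): a login-config.xml policy whose rolesQuery trims the padding that a char(30) column adds, for cases where the column type cannot be changed. The policy name, JNDI name, and the table and column names are assumptions, and RTRIM must be supported by the database in use.

```xml
<!-- Hypothetical policy name and datasource; adjust to the application. -->
<application-policy name="safetyApp">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <module-option name="dsJndiName">java:/SafetyDS</module-option>
      <module-option name="principalsQuery">
        SELECT Password FROM Principals WHERE PrincipalID=?
      </module-option>
      <!-- Before (returns padded values from a CHAR column, so the role
           name carries trailing spaces and does not equal the name
           declared in the deployment descriptor):
           SELECT Role, RoleGroup FROM Roles WHERE PrincipalID=?  -->
      <!-- After: strip the trailing spaces in the query itself. -->
      <module-option name="rolesQuery">
        SELECT RTRIM(Role), RTRIM(RoleGroup) FROM Roles WHERE PrincipalID=?
      </module-option>
    </login-module>
  </authentication>
</application-policy>
```

With TRACE logging enabled as described above, the Roles(members:...) line should then show the role names with no space before the comma.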