Hi,
I'm new here, sorry if the question was already asked.

I'm trying to understand which is the exact flow of events, when authentication for a web app running in Jboss and JAAS are involved.

1) I access some URL of the web application
2) The web app shows its authentication page
3) User enter username/password
4) web app invokes JAAS module (???)
5) jaas module verifies credentialy (???)
....???....
6) web appl lets the user in

For the web app there is an entry in login-config.xml:
<application-policy name = "xellerate">

<login-module code="org.jboss.security.ClientLoginModule" flag="required">
</login-module>
<login-module code=
"com.thortech.xl.security.jboss.UsernamePasswordLoginModule"
flag = "required" >
<module-option name =
"unauthenticatedIdentity">Unknown</module-option>
<module-option name =
"data-source">java:/jdbc/xlDS</module-option>
</login-module>

</application-policy>


Can you help me to complete the above flow of events?
Thank you very much.