3 Replies Latest reply on Jun 23, 2009 4:07 AM by wolfgangknauf

    Simple Web Form authentication using JAAS with DatabaseServe

    mpurdy1973

      I implemented JAAS as best I know how; however, when I enter the correct username and password with the correct role, it forwards me to the bad login page. I also get no exceptions in the JBoss console.

      I am using the username 'tom' and the password 'tomuser'. As you can see below, tom has a password of 'tomuser' and is in the role 'admin'.

      what am i missing???

      here is my configuration:

      mysql sql code

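      -- Schema and seed data read by the JBoss DatabaseServerLoginModule:
      -- users holds one row per login name, roles one row per (login name, role) pair.
      use pyxiswebadmin;

      -- "if exists" lets the script run on an empty schema as well as on a re-run.
      -- roles is dropped first because it references users.
      drop table if exists roles;
      drop table if exists users;

      create table users
      (
       username varchar(64) not null primary key,
       -- NOTE(review): the seed rows below put the password itself in this column, so
       -- anyone who can read the table or a backup of it learns every credential.
       -- Outside a throwaway test, store a password hash instead; the login module
       -- then needs matching hashAlgorithm / hashEncoding options.
       password varchar(64) not null
      );

      create table roles
      (
       username varchar(64) not null,
       role varchar(64) not null,
       -- One row per grant: the same role cannot be assigned twice to a user.
       constraint roles_pk primary key (username, role),
       -- A role row must belong to an existing user, and deleting the user removes
       -- the grants, so a later account re-using the name does not inherit them.
       -- (Enforced by InnoDB; MyISAM parses the clause and ignores it.)
       constraint roles_username_fk foreign key (username)
        references users (username) on delete cascade
      );

      -- Explicit column lists keep the inserts correct if columns are added or reordered.
      insert into users (username, password) values ('tom', 'tomuser');
      insert into users (username, password) values ('dick', 'dickuser');
      insert into users (username, password) values ('harry', 'harryuser');

      insert into roles (username, role) values ('tom', 'admin');
      insert into roles (username, role) values ('dick', 'audit');
      insert into roles (username, role) values ('harry', 'user');

      commit;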
      



      mysql database data
      mysql> show tables;
      +-------------------------+
      | Tables_in_pyxiswebadmin |
      +-------------------------+
      | roles |
      | users |
      +-------------------------+
      2 rows in set (0.00 sec)
      
      mysql> select * from users;
      +----------+-----------+
      | username | password |
      +----------+-----------+
      | tom | tomuser |
      | dick | dickuser |
      | harry | harryuser |
      +----------+-----------+
      3 rows in set (0.00 sec)
      
      mysql> select * from roles;
      +----------+-------+
      | username | role |
      +----------+-------+
      | tom | admin |
      | dick | audit |
      | harry | user |
      +----------+-------+
      3 rows in set (0.00 sec)
      


      login-config
       <!-- ####################################### -->
       <!-- added for Pyxis Server security -->
       <!-- ####################################### -->
       <!-- JAAS policy "pyxis-client-login": a single database-backed login module that must succeed (flag="required"). -->
       <application-policy name="pyxis-client-login">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <!-- JNDI name of the datasource the two queries below run against. -->
       <module-option name="dsJndiName">java:/pyxisDS</module-option>
       <!-- Returns the stored password for the submitted username. No hashAlgorithm option is set here,
            so the submitted password is compared with the clear-text value in users.password. -->
       <module-option name="principalsQuery">select password from users where username=?</module-option>
       <!-- NOTE(review): DatabaseServerLoginModule names this option "rolesQuery"; "roleQuery" is not one of
            its options, so this statement is probably never run and the module's default roles query is used
            instead. The second column is the role group, and the group the container consults for
            authorization is 'Roles', not 'Role'. Either point can keep tom from receiving the admin role
            that web.xml requires. Confirm against the documentation of the JBoss version in use. -->
       <module-option name="roleQuery">select role, 'Role' from roles where username=?</module-option>
       </login-module>
       </authentication>
       </application-policy>
      
       <!-- ####################################### -->
      



      datasource
      <?xml version="1.0" encoding="UTF-8"?>
      
      <!-- Datasource the login module uses to read the users and roles tables. -->
      <datasources>
       <local-tx-datasource>
       <!-- The login-config refers to this datasource as java:/pyxisDS (dsJndiName). -->
       <jndi-name>pyxisDS</jndi-name>
       <connection-url>jdbc:mysql://localhost:3306/pyxiswebadmin</connection-url>
       <driver-class>org.gjt.mm.mysql.Driver</driver-class>
       <!-- NOTE(review): the database password sits in this file as clear text, so the file needs
            restrictive permissions and should stay out of shared source control. JBoss can also take
            datasource credentials from a security domain (<security-domain> element) instead of
            user-name/password. If this account serves only the login module, SELECT on users and
            roles is all it needs; confirm what else uses it before narrowing the grants. -->
       <user-name>pyxis</user-name>
       <password>pyxisuser</password>
       </local-tx-datasource>
      
      </datasources>
      


      jboss-web.xml
      <!-- Binds this web application to a JAAS security domain. The part after java:/jaas/ must match
           the application-policy name in login-config exactly ("pyxis-client-login"). -->
      <jboss-web>
       <security-domain>java:/jaas/pyxis-client-login</security-domain>
      </jboss-web>
      


      web.xml
      <?xml version="1.0" encoding="UTF-8"?>
      <!-- Deployment descriptor: protects the whole application with FORM login and admits only the admin role. -->
      <web-app version="2.5"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns="http://java.sun.com/xml/ns/javaee"
       xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
      
       <welcome-file-list>
       <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
      
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>HtmlAdaptor</web-resource-name>
       <url-pattern>/*</url-pattern>
       <!-- NOTE(review): listing http-method elements limits the constraint to exactly these methods;
            requests using any other method (HEAD, PUT, DELETE, ...) are not covered by it.
            Leaving out the http-method elements applies the constraint to every method. -->
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <!-- Only callers holding the admin role pass; the role has to come from the login module's roles query. -->
       <auth-constraint>
       <role-name>admin</role-name>
       </auth-constraint>
       <!-- NOTE(review): NONE lets the login form and the session cookie travel over plain HTTP.
            CONFIDENTIAL makes the container require an encrypted connection for these URLs. -->
       <user-data-constraint>
       <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
       </security-constraint>
      
       <!-- FORM authentication: the container shows the login page for unauthenticated requests
            and the error page when the login attempt is rejected. -->
       <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
       <form-login-page>/restricted/login.jsp</form-login-page>
       <form-error-page>/restricted/bad-login.jsp</form-error-page>
       </form-login-config>
       </login-config>
      
       <!-- Declares the role name used in the auth-constraint. -->
       <security-role>
       <role-name>admin</role-name>
       </security-role>
      
      </web-app>