I am having a strange problem with my login module using JBoss 4 and Java 5.
I have a custom login module defined in a policy in login-config.xml. The web.xml file for my app refers to it in the <login-config> tag.
The Security section of jboss-service.xml is correctly configured with respect to SecurityConfig, XMLLoginConfig, and JaasSecurityManagerService.
This all works fine with JBoss 3.2.4/5 Java 1.4.2.
Yet with JBoss4/JDK5, somehow my module never gets invoked. The log has the message : 2004-10-08 18:39:28,206 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=xxx. (which looks like it's invoking the "other" realm).
If I remove my realm from login-config, there is no complaint from the server. However, if I remove the "other" realm, it gives me the following: javax.security.auth.login.LoginException: No LoginModules configured for jboss.web
Can someone tell me what is going on?