22:08:42,234 INFO  [STDOUT]        [SampleLoginModule] configuration options:
22:08:42,234 INFO  [STDOUT]            debug = true
22:08:42,234 INFO  [STDOUT]        [SampleLoginModule] login
22:08:42,250 INFO  [STDOUT]        [SampleLoginModule] username : admin
22:08:42,250 INFO  [STDOUT]        [SampleLoginModule] success : true
22:08:42,250 INFO  [STDOUT]        [SampleLoginModule] added the following Principals:
22:08:42,250 INFO  [STDOUT]            [MyPrincipal] : admin
22:08:42,250 INFO  [STDOUT]            [MyPrincipal] : administrator

...
   <security-constraint>
        <web-resource-collection>
            <web-resource-name>WebResources</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>administrator</role-name>
            <role-name>manager</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>default</realm-name>
    </login-config>

    <security-role>
        <role-name>administrator</role-name>
    </security-role>
    <security-role>
        <role-name>manager</role-name>
    </security-role>

<jboss-web>
    <security-domain>java:/jaas/KapApp</security-domain>
</jboss-web>

    <application-policy name = "KapApp">
             <authentication>
                <login-module code="com.kpi.pi.security.SampleLoginModule"  flag="required">
                            <module-option name = "debug">true</module-option>
                        </login-module>
            </authentication>
    </application-policy>

package com.kpi.pi.security;

import javax.security.auth.spi.LoginModule;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import java.util.Map;
import java.util.Set;
import java.util.Iterator;
import java.security.Principal;

public class SampleLoginModule implements LoginModule {

    protected Subject subject;
    protected CallbackHandler callbackHandler;
    protected Map<String, ?> sharedState;
    protected Map<String, ?> options;

    // the authentication status
    protected boolean _succeeded;
    protected boolean _commitSucceeded;

    // configuration options
    protected boolean _debug;

    protected String _userName;
    protected char[] _password;

    protected Principal[] authPrincipals;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;

        // initialize any configured options
        _debug = "true".equalsIgnoreCase((String) options.get("debug"));

        if (debug()) {
            printConfiguration(this);
        }
    }

    final public boolean debug() {
        return _debug;
    }


    public boolean login() throws LoginException {
        if (debug())
            System.out.println("\t\t[SampleLoginModule] login");

        if (callbackHandler == null)
            throw new LoginException("Error: no CallbackHandler available " +
                    "to garner authentication information from the user");
        // Setup default callback handlers.
        Callback[] callbacks = new Callback[]{
                new NameCallback("Username: "),
                new PasswordCallback("Password: ", false)
        };

        try {
            callbackHandler.handle(callbacks);
        } catch (Exception e) {
            _succeeded = false;
            throw new LoginException(e.getMessage());
        }

        String username = ((NameCallback) callbacks[0]).getName();
        String password =
                new String(((PasswordCallback) callbacks[1]).getPassword());

        if (debug()) {
            System.out.println("\t\t[SampleLoginModule] username : " + username);
        }

        if (username.equals("admin") && password.equals("pass")) {
            _succeeded = true;
            _userName = "admin";
            _password = password.toCharArray();
            authPrincipals = new MyPrincipal[2];
            //Adding username as principal to the subject
            authPrincipals[0] = new MyPrincipal("admin");
            //Adding role developers to the subject
            authPrincipals[1] = new MyPrincipal("administrator");
        }
        if (username.equals("man") && password.equals("1")) {
            _succeeded = true;
            _userName = "man";
            _password = password.toCharArray();
            authPrincipals = new MyPrincipal[2];
            //Adding username as principal to the subject
            authPrincipals[0] = new MyPrincipal("man");
            //Adding roles developers and managers to the subject
            authPrincipals[1] = new MyPrincipal("manager");
        }

        ((PasswordCallback) callbacks[1]).clearPassword();
        callbacks[0] = null;
        callbacks[1] = null;

        if (debug()) {
            System.out.println("\t\t[SampleLoginModule] success : " + _succeeded);
        }

        if (!_succeeded)
            throw new LoginException
                    ("Authentication failed: Password does not match");

        return true;
    }

    public boolean commit() throws LoginException {
        try {

            if (_succeeded == false) {
                return false;
            }

            if (subject.isReadOnly()) {
                throw new LoginException("Subject is ReadOnly");
            }

            // add authenticated principals to the Subject
            if (getAuthPrincipals() != null) {
                for (int i = 0; i < getAuthPrincipals().length; i++) {
                    if (!subject.getPrincipals().contains(getAuthPrincipals()[i])) {
                        subject.getPrincipals().add(getAuthPrincipals()[i]);
                    }
                }
            }

            // in any case, clean out state
            cleanup();
            if (debug()) {
                printSubject(subject);
            }

            _commitSucceeded = true;
            return true;

        } catch (Throwable t) {
            if (debug()) {
                System.out.println(t.getMessage());
                t.printStackTrace();
            }
            throw new LoginException(t.toString());
        }
    }

    public boolean abort() throws LoginException {
        if (debug()) {
            System.out.println
                    ("\t\t[SampleLoginModule] aborted authentication attempt.");
        }

        if (debug()) {
            System.out.println
                    ("\t\t[SampleLoginModule] aborted authentication attempt.");
        }

        if (_succeeded == false) {
            cleanup();
            return false;
        } else if (_succeeded == true && _commitSucceeded == false) {
            // login succeeded but overall authentication failed
            _succeeded = false;
            cleanup();
        } else {
            // overall authentication succeeded and commit succeeded,
            // but someone else's commit failed
            logout();
        }
        return true;
    }


    protected void cleanup() {
        _userName = null;
        if (_password != null) {
            for (int i = 0; i < _password.length; i++) {
                _password[i] = ' ';
            }
            _password = null;
        }
    }

    protected void cleanupAll() {
        cleanup();

        if (getAuthPrincipals() != null) {
            for (int i = 0; i < getAuthPrincipals().length; i++) {
                subject.getPrincipals().remove(getAuthPrincipals()[i]);
            }
        }
    }

    public boolean logout() throws LoginException {
        _succeeded = false;
        _commitSucceeded = false;
        cleanupAll();
        return true;
    }

    protected Principal[] getAuthPrincipals() {
        return authPrincipals;
    }


    // helper methods //

    protected static void printConfiguration(SampleLoginModule slm) {
        if (slm == null) {
            return;
        }
        System.out.println("\t\t[SampleLoginModule] configuration options:");
        if (slm.debug()) {
            System.out.println("\t\t\tdebug = " + slm.debug());
        }
    }

    protected static void printSet(Set s) {
        try {
            Iterator principalIterator = s.iterator();
            while (principalIterator.hasNext()) {
                Principal p = (Principal) principalIterator.next();
                System.out.println("\t\t\t" + p.toString());
            }
        } catch (Throwable t) {
        }
    }


    protected static void printSubject(Subject subject) {
        try {
            if (subject == null) {
                return;
            }
            Set s = subject.getPrincipals();
            if ((s != null) && (s.size() != 0)) {
                System.out.println
                        ("\t\t[SampleLoginModule] added the following Principals:");
                printSet(s);
            }

            s = subject.getPublicCredentials();
            if ((s != null) && (s.size() != 0)) {
                System.out.println
                        ("\t\t[SampleLoginModule] added the following Public Credentials:");
                printSet(s);
            }
        } catch (Throwable t) {
        }
    }

}

package com.kpi.pi.security;

import java.security.Principal;

public class MyPrincipal implements Principal {

    private String name = null;

    public MyPrincipal(String name) {
        if (name == null)
            throw new NullPointerException("name cannot be null");
        this.name = name;
    }

    public String getName() {
        return name;
    }

    public int hashCode() {
        return name.hashCode();
    }

    public String toString() {
        return "[MyPrincipal] : " + name;
    }

    public boolean equals(Object o) {
        if (o == null)
            return false;

        if (this == o)
            return true;

        if (!(o instanceof MyPrincipal))
            return false;
        MyPrincipal that = (MyPrincipal) o;

        if (this.getName().equals(that.getName()))
            return true;
        return false;
    }

}

<application-policy name = "KapApp">
<authentication>

<login-module code = org.jboss.security.auth.spi.DatabaseServerLoginModule" flag ="required">

<module-option name = "dsJndiName">java:/MySqlDS</module-option>

<module-option name = "principalsQuery">select password from usr where login = ?</module-option>

<module-option name = "rolesQuery">select r.name, 'Roles' from User_roleEntries_Role_userEntries ur, usr u, role r where ur.role_id = r.id and ur.usr_id = u.id and u.login = ?</module-option>

<module-option name = "unauthenticatedIdentity">guest</module-option>
</login-module>
</authentication>
</application-policy>

<security-constraint>
        <web-resource-collection>
            <web-resource-name>WebResources</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>administrator</role-name>
            <role-name>manager</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/common/login_form.html</form-login-page>
            <form-error-page>/common/login_error.html</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <role-name>administrator</role-name>
    </security-role>
    <security-role>
        <role-name>manager</role-name>
    </security-role>

   <form action="j_security_check">
        Username: <input type="text" name="j_username"/><br/>
        Password: <input type="password" name="j_password"/><br/>
        <input type="submit" value="Login"/>
    </form>

<jboss-web>
    <security-domain>java:/jaas/KapApp</security-domain>
</jboss-web>

CREATE TABLE `role` (
  `ID` int(11) default NULL,
  `NAME` varchar(200) default NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE TABLE `user` (
  `id` int(11) NOT NULL auto_increment,
  `username` varchar(15) default NULL,
  `password` varchar(250) default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE TABLE `user_roleentries_role_userentries` (
  `ROLE_ID` int(11) NOT NULL,
  `USR_ID` int(11) NOT NULL,
  PRIMARY KEY  (`ROLE_ID`,`USR_ID`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

INSERT INTO `role` VALUES (1,'administrator');
INSERT INTO `role` VALUES (2,'manager');
INSERT INTO `user` VALUES (1,'admin','admin');
INSERT INTO `user` VALUES (2,'man','1');
INSERT INTO `user_roleentries_role_userentries` VALUES (1,1);
INSERT INTO `user_roleentries_role_userentries` VALUES (2,2);