this is my policy in login-config.xml :
<application-policy name="test-policy">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">
java:/testDS</module-option>
<module-option name="principalsQuery">select pass from Users where userName=?</module-option>
<module-option name = "rolesQuery">select roleId from Users where user_id=?</module-option>
</login-module>
</authentication>
</application-policy>
and this is my jbodd-web.xml :
<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users.
<security-domain>java:/jaas/test-policy</security-domain>
-->
</jboss-web>
and my web.xml is :
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app >
<distributable/>
<!--
struts -->
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>application</param-name>
<param-value>ApplicationResources</param-value>
</init-param>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>validate</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!--<servlet>
<servlet-name>ipu</servlet-name>
<display-name>ipu</display-name>
<description>Vista server IP updater</description>
<servlet-class>com.objectj.vc.updIP</servlet-class>
</servlet>-->
<!-- add the content of generated_web.xml here -->
<!-- struts -->
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!--<servlet-mapping>
<servlet-name>calendar</servlet-name>
<url-pattern>/calendar</url-pattern>
</servlet-mapping>-->
<!--
To specify mime mappings, create a file named mime-mappings.xml, put it in your project's mergedir.
Organize mime-mappings.xml following this DTD slice:
<!ELEMENT mime-mapping (extension, mime-type)>
-->
<session-config>
<session-timeout>300</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>home.jsp</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/error.run</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error.run</location>
</error-page>
<error-page>
<error-code>400</error-code>
<location>/error.run</location>
</error-page>
<!--
To add taglibs by xml, create a file called taglibs.xml and place it
in your merge dir.
-->
<taglib>
<taglib-uri>struts-bean</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-bean.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-html</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-html.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-logic</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-logic.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-nested</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-nested.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-tiles</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-tiles.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-template</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-template.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-layout</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-layout.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>components</taglib-uri>
<taglib-location>/WEB-INF/tld/components.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-form</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-form.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>extensions</taglib-uri>
<taglib-location>/WEB-INF/tld/extensions.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>ejbtags</taglib-uri>
<taglib-location>/WEB-INF/tld/ejbTags.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>reporttags</taglib-uri>
<taglib-location>/WEB-INF/tld/report.tld</taglib-location>
</taglib>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test-policy</realm-name>
<form-login-config>
<form-login-page>/start.run?action_type=login</form-login-page>
<form-error-page>/start.run?action_type=relogin</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
</web-app>
and my testDS is :
<!-- ===================================================================== -->
<!-- -->
<!-- JBoss Server Configuration -->
<!-- This file is generated by Streamlet. -->
<!-- Don't change it. It will be overwritten -->
<!-- ===================================================================== -->
<datasources>
<local-tx-datasource>
<jndi-name>testDS</jndi-name>
<connection-url>
jdbc:mysql://localhost/mydb</connection-url>
<driver-class>com.mysql.jdbc.Driver</driver-class>
<user-name>root</user-name>
<password></password>
<min-pool-size>2</min-pool-size>
<max-pool-size>10</max-pool-size>
</local-tx-datasource>
</datasources>
thank you