A security-domain can only load login-modules from a single JBoss module -------------------------------------------------------------------------- Key: WFLY-7412 URL: https://issues.jboss.org/browse/WFLY-7412 Project: WildFly Issue Type: Bug Components: Security Reporter: Derek Horton Assignee: Stefan Guilhen Fix For: 11.0.0.Alpha1 A security-domain can only load login-modules from a single JBoss module. Even though the security-domain configuration will allow each login module defined within a single security-domain to have a "module" attribute, the only module that is used to load the login-modules is the last "module" attribute that the parsing system locates. For example, with the following configuration, it looks like "org.jboss.example.CustomLoginModule" should be loaded from the "org.jboss.example" jboss-module and "org.jboss.example.CustomBaseCertLoginModule" should be loaded from the "org.jboss.another.example" jboss-module: <security-domain name="jmx-console" cache-type="default"> <authentication> <login-module code="org.jboss.example.CustomLoginModule" module="org.jboss.example" flag="required"> <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/> <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/> </login-module> <login-module code="org.jboss.example.CustomBaseCertLoginModule" module="org.jboss.another.example" flag="required"> <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/> <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/> </login-module> </authentication> </security-domain> Unfortunately, it does not work like this. Only the "org.jboss.another.example" jboss-module is used to load the custom login modules.