DatabaseServerLoginModule improvement ------------------------------------- Key: JBAS-3029 URL: http://jira.jboss.com/jira/browse/JBAS-3029 Project: JBoss Application Server Issue Type: Feature Request Security Level: Public(Everyone can see) Components: Security Reporter: YCS WYW Priority: Optional I would like to configure "org.jboss.security.auth.spi.DatabaseServerLoginModule" with complex SQL statements on "principalsQuery" and "rolesQuery" (like: SELECT 'User', 'Roles' FROM USERS WHERE username=? UNION SELECT 'Administrator','Roles' FROM ADMINISTRATORS WHERE username=? ) But the SQL statements are executed by "java.sql.PreparedStatement" with only 1 parameter value for the first "?" (username). And the SQL statements that contains more than 1 "username" parameter doesn't work. I may be solved with the next modifications: In class "org.jboss.security.auth.spi.Util" : ----------------------------------------------------------------- Changing "ps.setString(1, username);" of third "getRoleSets" method with these other statements: int index = 0; int param = 1; while( (index = rolesQuery.indexOf("?", index)) >= 0) { ps.setString(param++, username); index++; } And in class "org.jboss.security.auth.spi.DatabaseServerLoginModule": --------------------------------------------------------------------------------------------------------------- Changing "ps.setString(1, username);" of method "getUsersPassword" with these other statements: int index = 0; int param = 1; while( (index = principalsQuery.indexOf("?", index)) >= 0) { ps.setString(param++, username); index++; } Thanks.