Hi,
I think you could use a simpler approach to your login module, as you need the standard functionality of username + password plus an additional EJB access check.
So, your login module could be a subclass of e.g. "org.jboss.security.auth.spi.DatabaseServerLoginModule" (source code e.g. here: http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServerLoginModule.java.html ) , and you might add your own EJB access check to an override of "getRoleSets":
@Override
protected Group[] getRoleSets() throws LoginException
{
String username = getUsername();
Group[] roleSets = super.getRoleSets();
//Try to access EJB here:
if ( ejbaccessFail)
{
roleSets = new Group[0];
}
return roleSets;
}
If the EJB access fails with a security exception, you could return an empty RoleSet.
Think about it, hopefully your security config will become much easier by this, and hopefully error detection will be easier.
By the way: to configure your login module, you might use this approach, too (you need 5.1 for this): http://server.dzone.com/articles/security-features-jboss-510
Best regards
Wolfgang