Why do we have to write our own custom class, as per documentation it is supporting the hashalgorithm already. if you mention the following options in login-config.xml <application-policy name="myapp"> | <authentication> | <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> | <module-option name="dsJndiName">java:/ngirmDS</module-option> | <module-option name="principalsQuery">Select PASSWORD from USERS where LOGINNAME =?</module-option> | <module-option name="rolesQuery">Select GROUPNAME , 'Roles' from USERGRPASSOC where LOGINNAME =?</module-option> | <module-option name="hashAlgorithm">SHA</module-option> | <module-option name="hashEncoding">Base64</module-option> | <module-option name="hashCharset">UTF-8</module-option> | </login-module> | </authentication> | </application-policy> But i tried this, it is not working. Any idea ?? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983586#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...