Here a short example for a security-domain that has to be configured in the urn:jboss:domain:security subsystem:
<security-domain name="mysecuritydomain" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/ExampleDS" />
<module-option name="principalsQuery" value="select u.password from users u where u.name=?" />
<module-option name="rolesQuery" value="select r.name as rolename, 'Roles' as rolegroup from users u, roles r, users_roles ur where ur.user_id=u.id and ur.role_id=r.id and u.name=?" />
<module-option name="hashAlgorithm" value="SHA-256" />
<module-option name="hashEncoding" value="base64" />
<module-option name="hashCharset" value="UTF-8" />
</login-module>
</authentication>
</security-domain>
To use the domain in your application here an example jboss-web.xml descriptor:
<?xml version="1.0" encoding="UTF-8"?> <jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_6_0.xsd" version="6.0"> <security-domain>mysecuritydomain</security-domain> <context-root>/example</context-root> </jboss-web>