3.6. Example Custom Authentication Module

Suppose you are working on a project where user names and passwords are stored in a relational database; however, the passwords are base64 encoded, so you can't use the DatabaseServerLoginModule module directly. You can provide a subclass: 
public class MyLoginModule 
    extends DatabaseServerLoginModule
{
   protected String convertRawPassword(String password)
   {
        try {
            return new String((new sun.misc.BASE64Decoder()).decodeBuffer(password));
        } catch (IOException e) {
            return password;
        }
   }
}
To use this new module, you will need to declare a new security domain in the server configuration file: 
<security-domain name="my-security-domain">
    <authentication>
        <login-module code="com.mycompany.MyLoginModule" flag="required">
            <module-option name="dsJndiName">java:MyDataSource</module-option>
            <module-option name="principalsQuery">select password from usertable where login=?</module-option>
            <module-option name="rolesQuery">select role, 'Roles' from users, userroles where login=? and users.roleId=userroles.roleId</module-option>
        </login-module>
    </authentication>
</security-domain>
After that, configure the transport to use the security domain with the new authentication module: 
<transport name="jdbc" protocol="teiid" socket-binding="teiid-jdbc">
	<authentication security-domain="my-security-domain"/>
</transport>

Note

DatabaseServerLoginModule is in the picketbox JAR (moved from jbosssx in earlier versions).
Maven pom.xml dependency example for Red Hat JBoss EAP: 
<dependency>
    <groupId>org.picketbox</groupId>
    <artifactId>picketbox</artifactId>
    <version>4.1.1.Final-redhat-1</version>
    <scope>provided</scope>
 </dependency>