1.Config jboss-web.xml, the name after /jaas/ must be same with application-policy name in login-config.xml.

<jboss-web>
    <security-domain>java:/jaas/lams</security-domain>
 </jboss-web>

2. Config login-config.xml, which locates in ${JBOSS}/server/conf or ${JBOSS}/server/default/conf
 

      <application-policy name = "LAMS">
       <authentication>
          <login-module code = "org.lamsfoundation.lams.security.UniversalLoginModule" flag = "required">
             <module-option name="authenticationPropertyFile">c:/lamsconf/authentication.xml</module-option>
          </login-module>
       </authentication>
    </application-policy>

3.In authentication.xml

<Authentication>
?????
<Method Name="LAMS-Database" Enabled="true">
      <Param Name="dsJndiName">java:/jdbc/lams-ds</Param>
      <Param Name="principalsQuery">select password from lams_user where login=?</Param>
      <Param Name="rolesQuery">select name,'Roles' from lams_role, lams_user where login=?</Param>
</Method>
???

4.So, in mysql-ds.xml, which locate in ${JBOSS}/server/default/ folder, will have such definition for Data source

<datasources>
  <!-- lams-ds datasource for use by LAMS Core and Services -->
  <local-tx-datasource>
    <jndi-name>jdbc/lams-ds</jndi-name>
      ???

5.javax.security.auth.spi.LoginModule will implement javax.security.auth.spi.LoginModule interface
6.In login.jsp
 

   <form action="<%= response.encodeURL("j_security_check") %>" method="post" name="form1" id="form1">
    <input name="j_username" type="text"" size="15" />
<input name="j_password" type="password" size="15" AUTOCOMPLETE="off"/> 
<input type="submit" value="Login"/>
     </form>