I may be forgetting about a configuration option somewhere, but a custom module would definitely work. You'd probably only need to override one or two methods so it wouldn't be much to write.
I wouldn't worry about it though. One extra query at login won't impact your performance. JBoss caches the credentials so it doesn't need to check on every request. I'm willing to bet it's not even in your top 25 performance optimizations for the app.
Joined: Mar 12, 2002
Thanks Norman for the reply.
You got my point I was little skeptical about the extra query for "Roles" in case of DatabaseServerLoginModule (which is not needed for our login page as we don't have roles).
So I have following 2 optoins : 1. Customize DatabaseServerLoginModule (which will execute 2 queries one on Users table and other on Roles table ) OR 2. Don't use DatabaseServerLoginModule at all but define Servlet to query Users table only. [ July 21, 2005: Message edited by: Meg Adal ]
Joined: Jul 21, 2003
Option 3 is to create a custom login module which extends DatabaseServerLoginmodule and overrides the roles query to return a static set of roles. This shouldn't be more than 20-30 lines of code.