Now that I've written almost everything else but this I want to come back to it, hopefully someone's more helpful than google so far.
Sure Google knows almost everything, you just have to know how to ask.
Looking at
this article I see I need a policy and a conf file, I only have the conf file.
Now I'm trying to define the config policy's contents.
Lets say my web services are in package com.javaranch.ws and the rest of my code in various com.javaranch packages, can I even require the custom login module for certain packages as opposed to applications?