I was browsing Frank Nimphius's blog last night and found quite an interesting post there titled "Java: Calling a stored database procedure from Java
". This is an interesting post that, although is talking about an error that Frank resolved also talks about and gives an example for an authentication routine for a custom JAAS LoginModule. Franks gives examples and works through his problem and even mentions that has taken care of possible SQL Injection issues. He also said at the end that he intends to make his JAAS modules with OC4J and J2EE declarative security, document and publish on OTN. It will be worth watching out for that.