I was facing the same problem just now, but I've just managed to fix it!
The problem seems to be the principalsQuery.
According to the documentation you have to put the "Role" and "RoleGroup" in principalsQuery and they have to be with exactly case to match.
SQL prepared statement to be executed in order to map roles. It should be an equivalent to select Role, RoleGroup from Roles where PrincipalID=?, where Role is the role name and RoleGroup column value should always be "Roles" with capital R.
I was also not seeing anything, but I've enabled the below tag (just like Chris told) in my standalone.xml and now I'm able to see errors like "invalid login/password" in the logs.
<logger category="org.jboss.security">
<level name="TRACE"/>
</logger>
What I've done to confirm that the server was at least querying the database was to check the MySQL (in my case) logs to see if it was being queried.
All in all, the below configuration is what is working for me and btw it seems that few module-options like "hashEncoding" are not being used anymore (also according to the docs).
<security-domain name="example-jaas-realm">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:/jboss/datasources/TestDS"/>
<module-option name="principalsQuery" value="select password as 'Password' from users where username=?"/>
<module-option name="rolesQuery" value="select ur.rolename as 'Role', ur.rolename as 'RoleGroup' from users_roles ur, users u, roles r where r.rolename = ur.rolename and u.username = ?"/>
</login-module>
</authentication>
</security-domain>
Edit
It seems that even after matching agains the database and giving a session to the user, it is still not able to access the protected area. I believe that it has to do something Role and RoleGroup.
2014-03-20 02:03:23,116 TRACE [org.jboss.security] (default task-9) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@c84b3766, cache entry: null
2014-03-20 02:03:23,120 TRACE [org.jboss.security] (default task-9) PBOX000209: defaultLogin, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@c84b3766
2014-03-20 02:03:23,120 TRACE [org.jboss.security] (default task-9) PBOX000221: Begin getAppConfigurationEntry(example-jaas-realm), size: 4
2014-03-20 02:03:23,120 TRACE [org.jboss.security] (default task-9) PBOX000224: End getAppConfigurationEntry(example-jaas-realm), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=principalsQuery, value=select password as 'Password' from users where username=?
name=dsJndiName, value=java:/jboss/datasources/TestDS
name=rolesQuery, value=select ur.rolename as 'Role', ur.rolename as 'RoleGroup' from users_roles ur, users u, roles r where r.rolename = ur.rolename and u.username = ?
2014-03-20 02:03:23,120 TRACE [org.jboss.security] (default task-9) PBOX000236: Begin initialize method
2014-03-20 02:03:23,120 TRACE [org.jboss.security] (default task-9) PBOX000262: Module options [dsJndiName: java:/jboss/datasources/TestDS, principalsQuery: select password as 'Password' from users where username=?, rolesQuery: select ur.rolename as 'Role', ur.rolename as 'RoleGroup' from users_roles ur, users u, roles r where r.rolename = ur.rolename and u.username = ?, suspendResume: true]
2014-03-20 02:03:23,121 TRACE [org.jboss.security] (default task-9) PBOX000240: Begin login method
2014-03-20 02:03:23,121 TRACE [org.jboss.security] (default task-9) PBOX000263: Executing query select password as 'Password' from users where username=? with username renann
2014-03-20 02:03:23,123 TRACE [org.jboss.security] (default task-9) PBOX000241: End login method, isValid: true
2014-03-20 02:03:23,123 TRACE [org.jboss.security] (default task-9) PBOX000242: Begin commit method, overall result: true
2014-03-20 02:03:23,123 TRACE [org.jboss.security] (default task-9) PBOX000263: Executing query select ur.rolename as 'Role', ur.rolename as 'RoleGroup' from users_roles ur, users u, roles r where r.rolename = ur.rolename and u.username = ? with username renann
2014-03-20 02:03:23,123 TRACE [org.jboss.security] (default task-9) PBOX000263: Executing query select ur.rolename as 'Role', ur.rolename as 'RoleGroup' from users_roles ur, users u, roles r where r.rolename = ur.rolename and u.username = ? with username renann
2014-03-20 02:03:23,125 TRACE [org.jboss.security] (default task-9) PBOX000210: defaultLogin, login context: javax.security.auth.login.LoginContext@248d105d, subject: Subject(690838634).principals=org.jboss.security.SimplePrincipal@730498373(renann)org.jboss.security.SimpleGroup@1160321194(teste_role(members:teste_role))org.jboss.security.SimpleGroup@1160321194(admin_role(members:admin_role))org.jboss.security.SimpleGroup@1160321194(CallerPrincipal(members:renann))
2014-03-20 02:03:23,125 TRACE [org.jboss.security] (default task-9) PBOX000201: End isValid, result = true
Here's my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<security-constraint>
<display-name>Security Constraint Test Display Name</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>CONNECT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>teste_role</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>example-jaas-realm</realm-name>
<form-login-config>
<form-login-page>/index.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-role>
<role-name>teste_role</role-name>
</security-role>
</web-app>