In previous versions of JBoss EAP 6, the JASPIC auth-module configuration in the security subsystem was ignoring the "module" attribute. This attribute tells PicketBox where to load custom auth-module classes from.
As a result, custom JASPIC auth-modules could not be configured as PicketBox was unable to determine the jboss module that should be used.
As the module attribute already exists in the security subsystem schema, the fix involved adding code in the security subsystem to handle this attribute, allowing PicketBox to correctly load custom modules.
As a result, users can now configure custom JASPIC auth-modules by using the "module" attribute to indicate the jboss-module that contains the custom module class.