It might be true now but I had configuration hell...
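<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
<!-- JBoss web descriptor (root element jboss-web): binds the web application
     to the JAAS security domain defined by the application-policy named
     fooSecurityPolicy further down. -->
<jboss-web>
  <security-domain>java:/jaas/fooSecurityPolicy</security-domain>

  <!-- Resource Environment References -->

  <!-- Resource references -->

  <!-- EJB References -->

</jboss-web>

<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
  "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<!-- Login configuration, presumably the foo-login-config.xml that the
     DynamicLoginConfig mbean below loads through its AuthConfig attribute. -->
<policy>
  <application-policy name="fooSecurityPolicy">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="dsJndiName">
          java:/fooDatasource
        </module-option>
        <!-- Both queries use a ? placeholder for the user id, so the login
             name is bound as a parameter and not concatenated into the SQL. -->
        <module-option name="principalsQuery">
          SELECT password FROM user WHERE userId=?;
        </module-option>
        <module-option name="rolesQuery">
          SELECT role, 'Roles' FROM role r
          INNER JOIN user u ON u.userID = r.userID
          WHERE u.userId=?
        </module-option>
        <!-- NOTE(review): with hashing enabled the comparison appears to be
             made on the hex digest, so this only tolerates upper or lower
             case hex in the database. If hashing is ever switched off it
             would make clear-text passwords case-insensitive; confirm
             against the module documentation before relying on it. -->
        <module-option name="ignorePasswordCase">true</module-option>
        <module-option name="hashCharset">UTF-8</module-option>
        <module-option name="hashEncoding">hex</module-option>
        <!-- Security caveat: the stored password is a single unsalted MD5
             digest. Identical passwords produce identical rows and a leaked
             table is cheap to test guesses against. Left unchanged here
             because a different algorithm requires re-hashing every stored
             password; plan a migration to a stronger, salted scheme. -->
        <module-option name="hashAlgorithm">MD5</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>

<?xml version="1.0" encoding="UTF-8"?>
<!-- Service descriptor, presumably the foo-login-service.xml referenced from
     the jboss-app descriptor at the end: registers the login configuration
     above with the XMLLoginConfig and JaasSecurityManager services. -->
<server>
  <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
         name="foo:service=DynamicLoginConfig">
    <attribute name="AuthConfig">foo-login-config.xml</attribute>
    <depends optional-attribute-name="LoginConfigService">
      jboss.security:service=XMLLoginConfig
    </depends>
    <depends optional-attribute-name="SecurityManagerService">
      jboss.security:service=JaasSecurityManager
    </depends>
  </mbean>
</server>

<!-- web.xml fragment: declarative access control for /secure/* and /admin/*.

     Review change: the original listed http-method GET and POST in both
     web-resource-collection elements. A constraint that names methods
     applies only to those methods, so requests using any other HTTP method
     fell outside the auth-constraint. The http-method elements are removed
     so that each constraint covers every method.

     Security caveat: transport-guarantee NONE allows the FORM login
     credentials and the session cookie to travel over plain HTTP. It is left
     as posted because CONFIDENTIAL needs an HTTPS connector on the server;
     switch both constraints to CONFIDENTIAL once one is configured. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Area</web-resource-name>
    <description>Security for Protected Pages</description>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <description>Only valid users can use the secure resources</description>
    <role-name>fooUser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin Area</web-resource-name>
    <description>Administrator Protected Pages</description>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <description>Only valid admin users can use the secure resources</description>
    <role-name>fooAdmin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- FORM login. The login and error pages sit outside /secure/* and
     /admin/*, so they stay reachable without authentication. -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>fooSecurityPolicy</realm-name>
  <form-login-config>
    <form-login-page>/login.seam</form-login-page>
    <form-error-page>/loginError.seam</form-error-page>
  </form-login-config>
</login-config>

<!-- Every role named in an auth-constraint above is declared here; the
     values must match what rolesQuery returns in the role column. -->
<security-role>
  <description>An foo system user</description>
  <role-name>fooUser</role-name>
</security-role>

<security-role>
  <description>An foo admin user</description>
  <role-name>fooAdmin</role-name>
</security-role>


<!-- EJB descriptor (root element ejb-jar).
     NOTE(review): security-domain is normally a jboss.xml element; confirm
     that the container honours it in this descriptor, otherwise the EJB tier
     may not be bound to fooSecurityPolicy at all. -->
<ejb-jar>
  <security-domain>java:/jaas/fooSecurityPolicy</security-domain>
  <assembly-descriptor>
    <interceptor-binding>
      <ejb-name>*</ejb-name>
      <interceptor-class>org.jboss.seam.ejb.SeamInterceptor</interceptor-class>
    </interceptor-binding>
  </assembly-descriptor>
</ejb-jar>

<!-- Application descriptor (root element jboss-app): deploys the login
     service descriptor with the application and scopes its class loader. -->
<jboss-app>
  <module>
    <service>foo-login-service.xml</service>
  </module>
  <loader-repository>
    seam.jboss.org:loader=foo
  </loader-repository>
</jboss-app>

Personally I would use the simplified version if you can. I have always disliked JAAS.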