you can also use basic Servlet-container security to achieve a similar result:
| <security-constraint> | <web-resource-collection> | <web-resource-name>restricted-urls</web-resource-name> | <url-pattern>/myapp/auth/*</url-pattern> | </web-resource-collection> | <auth-constraint> | <role-name>*</role-name> | </auth-constraint> | <!--user-data-constraint> | <transport-guarantee>CONFIDENTIAL</transport-guarantee> | </user-data-constraint--> | </security-constraint> | where 'auth' is a directory in your web application that contains pages requiring authentication. Of course you would not put your login page in the auth directory. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4084453#4084453 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4084453 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user