Daniel, Do not forget to declare your security role admin in your web.xml file using the security-role element.
2.) You do not have to write a login module. Look at org.jboss.security.auth.spi.DatabaseServerLoginModule. 3.) You need to specify to JBoss that your web application should be secured by setting the security-domain element in your jboss-web.xml file. 4.) If you are securing EJB's you need to configure those as well. Read chapter 8 of the server guide at http://docs.jboss.org/jbossas/jboss4guide/r3/html/ch8.chapter.html have fun, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3927771#3927771 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3927771 ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user