Hi All, No matter how I seem to configure my application, the catalina side of authentication is allowing everyone through? I can authenticate manually and validly check users and pass. However using a standard form going to "j_security_check", it does not seem to be using the jboss security? It is just allowing everything though. Am I doing something really stupid here? Thanks, Jake T. auth.conf:
client-db { org.jboss.security.auth.spi.DatabaseServerLoginModule required dsJndiName="java:/PostgresDS" principalsQuery="select Password from Principals where PrincipalID=?" rolesQuery="select Role, RoleGroup from Roles where PrincipalID=?" ; }; jboss-web.xml <security-domain>java:/jaas/client-db</security-domain> web.xml: <security-constraint> <web-resource-collection> <web-resource-name>Restricted</web-resource-name> <deXcription>Declarative security tests</deXcription> <url-pattern>/index.jsp</url-pattern> <http-method>HEAD</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <role-name>Login</role-name> </auth-constraint> <user-data-constraint> <deXcription>no description</deXcription> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>Application Realm</realm-name> <form-login-config> <form-login-page>/logon.jsp</form-login-page> <form-error-page>/logon-error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <deXcription>A user allowed to invoke login methods</deXcription> <role-name>Login</role-name> </security-role> _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user