Here's some added details I downloaded the zip and unpacked Jboss 2.4.0beta1 and did the same for my Jboss AS. Im using it on Windows XP professional SP1. Right now I'm not using a database and am sticking to user/user and admin/admin to log in... so no JDBC Connector either... I can bypass the login page by going to a link of another page... for example... by default i am getting a login page for http://localhost:8080/portal but no login for the news page http://localhost:8080/portal/portal/default/News. The badlogin.jsp page pops up correctly when I type in the wrong username and password... Any help is appreciated.
Here's my web.xml file ... /*****start*****/ <?xml version="1.0"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> IMS Portal <!-- Comment/Uncomment to enable portal session replication --> <!-- The portal servlet is the main entrance point --> <servlet-name>PortalServletWithPathMapping</servlet-name> <servlet-class>org.jboss.portal.server.servlet.PortalServlet</servlet-class> <init-param> <param-name>asDefaultServlet</param-name> <param-value>false</param-value> The servlet needs to know wether it is set as a default servlet or not </init-param> <init-param> <param-name>controllerName</param-name> <param-value>portal:controller=Request</param-value> The request controller for the portal servlet </init-param> <load-on-startup>0</load-on-startup> <security-role-ref> <role-name>Authenticated</role-name> <role-link>Authenticated</role-link> </security-role-ref> <!-- The portal servlet is the main entrance point --> <servlet-name>PortalServletWithDefaultServletMapping</servlet-name> <servlet-class>org.jboss.portal.server.servlet.PortalServlet</servlet-class> <init-param> <param-name>asDefaultServlet</param-name> <param-value>true</param-value> The servlet needs to know wether it is set as a default servlet or not </init-param> <init-param> <param-name>controllerName</param-name> <param-value>portal:controller=Request</param-value> The request controller for the portal servlet </init-param> <load-on-startup>0</load-on-startup> <security-role-ref> <role-name>Authenticated</role-name> <role-link>Authenticated</role-link> </security-role-ref> <!-- Provide access to unauthenticated users --> <servlet-mapping> <servlet-name>PortalServletWithPathMapping</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping> <!-- Provide secure access to unauthenticated users --> <servlet-mapping> <servlet-name>PortalServletWithPathMapping</servlet-name> <url-pattern>/sec/*</url-pattern> </servlet-mapping> <!-- Provide access to authenticated users --> <servlet-mapping> <servlet-name>PortalServletWithPathMapping</servlet-name> <url-pattern>/auth/*</url-pattern> </servlet-mapping> <!-- Provide secure access to authenticated users --> <servlet-mapping> <servlet-name>PortalServletWithPathMapping</servlet-name> <url-pattern>/authsec/*</url-pattern> </servlet-mapping> <!-- Force the mapping of the index.jsp --> <servlet-mapping> <servlet-name>jsp</servlet-name> <url-pattern>/login.jsp</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>jsp</servlet-name> <url-pattern>/error.jsp</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>jsp</servlet-name> <url-pattern>/badlogin.jsp</url-pattern> </servlet-mapping> <session-config> <session-timeout>15</session-timeout> </session-config> <!-- | JDBC usage must be done with | DataSource ds = (DataSource)ctx.lookup("java:comp/env/jdbc/PortalDS"; --> <resource-ref> <res-ref-name>jdbc/PortalDS</res-ref-name> <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> <res-sharing-scope>Shareable</res-sharing-scope> </resource-ref> <security-constraint> <web-resource-collection> <web-resource-name>Authenticated</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>Authenticated</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Secure</web-resource-name> <url-pattern>/sec/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Secure+Authenticated</web-resource-name> <url-pattern>/authsec/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>Authenticated</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <!-- | Uncomment to use BASIC authentication scheme. Don't forget to comment other | form authentication. --> <!-- <login-config> <auth-method>BASIC</auth-method> <realm-name>IMS Portal</realm-name> </login-config> --> <!-- | Uncomment to use FORM authentication scheme. Don't forget to comment other | form authentication. --> <!-- --> <login-config> <auth-method>FORM</auth-method> <realm-name>IMS Portal</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/badlogin.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>Authenticated</role-name> </security-role> </web-app> /****end****/ View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956189#3956189 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3956189 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user