I have got the same problem in JBoss3.0fr. I think it is because of my incorrect login-config.xml, for if i change the <security-domain> in jboss-web.xml to an invalid one auth will pop up indicating default UsersRolesLoginModule works.
Could anyone show me where i miss in my login-config.xml ? Attached is a part of my login-config.xml and WEB-INF files of my war. Thanks for reading. regards, Cloudor > ----- Original Message ----- > From: "Piwowar, Heather" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, May 31, 2002 8:47 AM > Subject: [JBoss-user] No auth prompt using security-constraint > > > > I'm trying to get BASIC auth up and running for my web application. I have > > modified my web.xml file (see below). The implementation works fine under > > the J2EE reference implementation (I get prompted for a username and > > password when I try to reference the page). > > > > However, When I try to deploy my EAR under Jboss-2.4.4_Tomcat-4.0.1, I do > > not get prompted for a username and password... it acts as if the > > security-contraint is not set. There are no errors in loading the EAR or > > showing the page (see below). > > > > Any ideas? I'm feeling really stuck! > > > > Thanks so much, > > Heather
<application-policy name="mydomain"> <authentication> <login-module code="org.jboss.security.ClientLoginModule" flag = "required"> </login-module> <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module-option name="dsJndiName">java:/MySqlDS</module-option> <module-option name="principalsQuery"> select passwd from Passwd where username=? </module-option> <module-option name="rolesQuery"> select role, 'Roles' from Roles where username=? </module-option> <module-option name="unauthenticatedIdentity">nobody</module-option> </login-module> </authentication> </application-policy>
<?xml version="1.0" encoding="UTF8"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> <security-constraint> <web-resource-collection> <web-resource-name>ROOT</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>echo</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> </web-app>
<jboss-web> <context-root>/</context-root> <security-domain>java:/jaas/mydomain</security-domain> </jboss-web>