Figured it out: jboss-web.xml was not in the right place.

 

-----Original Message-----
From: Emily Short
Sent: Wednesday, October 09, 2002 1:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [JBoss-user] security_check

 

More info about this problem:

I am using JBoss 3.0.3/Jetty and can’t see java:/jaas/testAppSecurity in my JNDIView.  I must be missing an obvious step somewhere.

 

Emily

 

-----Original Message-----
From: Emily Short
Sent: Wednesday, October 09, 2002 12:20 PM
To: [EMAIL PROTECTED]
Subject: [JBoss-user] security_check

 

I am trying to get j_security_check working, but for some reason I am allowed to log in no matter what bogus username and password I enter (or if I enter none at all).  I want to use the DefaultDB (Hypersonic) in order to authenticate, but I haven’t modified the DB at all yet, so it seems to me that any attempt to log in should fail.  I do not see any activity on the server when I log in.  Your help is appreciated.

 

login-config.xml:

 

<application-policy name="testAppSecurity">
   <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
         <module-option name="dsJndiName">java:/DefaultDS</module-option>
         <module-option name="principalsQuery">SELECT passwd FROM Users WHERE username=?</module-option>
         <module-option name="rolesQuery">SELECT user_roles from UserRoles where username=?</module-option>
      </login-module>
   </authentication>
</application-policy>

 

web.xml:

 

<web-app>

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Secure Content</web-resource-name>
         <description>An example security config that only allows users with the role AuthorizedUser to access restricted content</description>
         <url-pattern>/restricted/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>AuthorizedUser</role-name>
      </auth-constraint>
   </security-constraint>

   <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>testAppSecurity</realm-name>
      <form-login-config>
         <form-login-page>/login.jsp</form-login-page>
         <form-error-page>/login-error.html</form-error-page>
      </form-login-config>
   </login-config>

   <security-role>
      <description>Role required to access restricted content</description>
      <role-name>AuthorizedUser</role-name>
   </security-role>

</web-app>

 

jboss-web.xml:

 

<jboss-web>
   <security-domain>java:/jaas/testAppSecurity</security-domain>
   <context-root>/</context-root>
</jboss-web>

 

 

login.jsp snippet:

 

<form method="post" action="j_security_check">
Username: <input type="text" size="20" name="j_username">
<br>
Password: <input type="password" size="20" name="j_password">
<br>
<input type="submit" value="Login">
</form>

 

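A pre-deployment check for the cause found in this thread, as an added example that is not part of the original messages and not JBoss code: it confirms that the WAR carries the descriptor at WEB-INF/jboss-web.xml and that its security-domain names an application-policy present in login-config.xml. The WEB-INF location is stated from JBoss convention (the thread does not name it); the function names, the `<policy>` wrapper and the in-memory WAR are constructed for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DESCRIPTOR = "WEB-INF/jboss-web.xml"  # location JBoss reads the descriptor from
JAAS_PREFIX = "java:/jaas/"           # prefix used by the thread's <security-domain>

# Constructed sample: the thread's policy inside login-config.xml's <policy> root.
LOGIN_CONFIG = """<policy>
  <application-policy name="testAppSecurity">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>"""

def build_war(descriptor_path, domain="java:/jaas/testAppSecurity"):
    """Build a constructed in-memory WAR with jboss-web.xml at descriptor_path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr(descriptor_path,
                     f"<jboss-web><security-domain>{domain}</security-domain></jboss-web>")
    return buf.getvalue()

def check_war(war_bytes, login_config_xml):
    """Return a list of findings; an empty list means the wiring is consistent."""
    policies = {p.get("name") for p in ET.fromstring(login_config_xml).iter("application-policy")}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        names = war.namelist()
        if DESCRIPTOR not in names:
            strays = [n for n in names if n.endswith("jboss-web.xml")]
            return [f"{DESCRIPTOR} missing (found: {strays or 'none'}); security domain will not be applied"]
        domain = (ET.fromstring(war.read(DESCRIPTOR)).findtext("security-domain") or "").strip()
    if not domain.startswith(JAAS_PREFIX):
        return [f"<security-domain> is {domain!r}, expected {JAAS_PREFIX}<policy name>"]
    if domain[len(JAAS_PREFIX):] not in policies:
        return [f"{domain} has no matching <application-policy> (known: {sorted(policies)})"]
    return []

if __name__ == "__main__":
    for path in ("jboss-web.xml", DESCRIPTOR):
        print(path, "->", check_war(build_war(path), LOGIN_CONFIG) or "OK")
```

Running a check like this in the build catches a misplaced descriptor before deployment, rather than through the symptom described above, where any login was accepted.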