I am using jboss-4.0.0RC2. I am trying to use form-based declarative security.

My web.xml is:

    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
             version="2.4">

      <display-name>Certification</display-name>
      <description>no description</description>

      <servlet>
        <servlet-name>showlogs</servlet-name>
        <display-name>Show Logs</display-name>
        <description>no description</description>
        <servlet-class>com.onestraw.servlets.ShowLogs</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>showlogs</servlet-name>
        <url-pattern>/sec/showlogs</url-pattern>
      </servlet-mapping>

      <security-role>
        <role-name>admin</role-name>
      </security-role>
      <security-role>
        <role-name>users</role-name>
      </security-role>
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>certification</realm-name>
        <form-login-config>
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/loginError.html</form-error-page>
        </form-login-config>
      </login-config>
      <security-constraint>
        <web-resources-collection>
          <web-resource-name>Show Log Records</web-resource-name>
          <url-pattern>/sec/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resources-collection>
        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>
      </security-constraint>
    </web-app>

My jboss-web.xml is:

    <jboss-web>
      <!-- Uncomment the security-domain to enable security. You will
           need to edit the htmladaptor login configuration to setup the
           login modules used to authentication users.-->
      <security-domain>java:/jaas/certification</security-domain>

    </jboss-web>

I have added this to my login-config:

    <application-policy name = "certification">
      <authentication>
        <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag = "required" />
      </authentication>
    </application-policy>

My user.properties has:

    matthew=frodo
    kaylene=bilbo

and my roles.properties has:

    matthew=admin,users
    kaylene=users

both files being in my classes dir in my war.

I am expecting the server to present me with my login form page when I try to access /sec/showlogs but instead it lets me access that servlet without any authentication. Does anyone know what I am doing wrong?
Thx,
Matthew
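
A descriptor check that helps when a protected URL is served without a login prompt, added here as an example and not part of the original post. The Servlet 2.4 schema names the element web-resource-collection, so a constraint whose child is spelled differently may end up covering no URL at all. The function names and the reduced SAMPLE descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Children the Servlet 2.4 schema allows inside <security-constraint>.
ALLOWED = {"display-name", "web-resource-collection",
           "auth-constraint", "user-data-constraint"}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    """Direct child elements of elem with the given local name."""
    return [c for c in elem if local(c.tag) == name]

def lint_security_constraints(xml_text):
    """Return a list of findings for the <security-constraint> blocks."""
    root = ET.fromstring(xml_text)
    findings = []
    for i, sc in enumerate(children(root, "security-constraint"), 1):
        for c in sc:
            if local(c.tag) not in ALLOWED:
                findings.append(f"constraint {i}: unknown element <{local(c.tag)}>")
        wrcs = children(sc, "web-resource-collection")
        if not wrcs:
            findings.append(f"constraint {i}: no <web-resource-collection>, so no URL is covered")
        for wrc in wrcs:
            if not children(wrc, "url-pattern"):
                findings.append(f"constraint {i}: collection has no <url-pattern>")
            # Listing methods limits the constraint to those methods only.
            methods = [(m.text or "").strip() for m in children(wrc, "http-method")]
            if methods:
                findings.append(f"constraint {i}: only {', '.join(methods)} constrained")
    return findings

# Constructed sample: the constraint from the post, reduced to the relevant elements.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resources-collection>
      <web-resource-name>Show Log Records</web-resource-name>
      <url-pattern>/sec/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resources-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

if __name__ == "__main__":
    for finding in lint_security_constraints(SAMPLE):
        print(finding)
```

Run it against a deployed WEB-INF/web.xml by passing the file's text to lint_security_constraints; an empty list means none of these checks fired, not that the descriptor is otherwise valid.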