If you place a default security setting in conf/web.xml, for instance this one...
<security-constraint > <web-resource-collection > <web-resource-name >Protected Context</web-resource-name> <url-pattern >/*</url-pattern > </web-resource-collection > <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> <auth-constraint> <role-name>user</role-name> </auth-constraint> </security-constraint> <!-- Define the login configuration for this application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>General Web domain</realm-name> </login-config> <!-- Security roles referenced by this web application --> <security-role> The role that is required to log into the web system. <role-name>user</role-name> </security-role> Then it works correctly. If you then want to tighten security on another area, like this.... <!-- A security constraint that restricts access to the HTML JMX console to users with the role JBossAdmin. Edit the roles to what you want and uncomment the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console. --> <security-constraint> <web-resource-collection> <web-resource-name>Protected Context</web-resource-name> An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>ml_backoff-dev</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>JBoss JMX Console</realm-name> </login-config> <security-role> <role-name>ml_backoff-dev</role-name> </security-role> and correctly setup the jboss-web.xml file, like so... <!-- Uncomment the security-domain to enable security. You will need to edit the htmladaptor login configuration to setup the login modules used to authentication users. --> <security-domain>java:/jaas/highbridge</security-domain> Nothing happens. If however, you use a different security domain (not the one used in the default configuration), then it also works properly, like so... <!-- Uncomment the security-domain to enable security. You will need to edit the htmladaptor login configuration to setup the login modules used to authentication users. --> <security-domain>java:/jaas/jmx-console</security-domain> How do I fix this? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3898998#3898998 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3898998 ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user