Il Dima, In the web.xml there is a tag for security-roles. This needs to be the same as the user's role returned in the authentication query, as the user needs to be authorised to access the resource, as well as authenticated
In web.xml: <security-role> <role-name>user</role-name> </security-role> In login-config: <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="unauthenticatedIdentity">guest</module-option> <module-option name="dsJndiName">java:/mySQL</module-option> <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option> <module-option name="rolesQuery">select Role,RoleGroup from Roles where PrincipalID=?</module-option> </login-module> Hope this helps.. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3912790#3912790 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3912790 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user