Hi my problem is that no matter what username password combo I enter in my login box (BASIC authentication) I am always granted access to the restricted resources.
my jboss-web.xml is as follows <jboss-web> <security-domain>java:/jaas/webcreator</security-domain> </jboss-web> my web.xml is as follows ... <security-constraint> <web-resource-collection> <web-resource-name>SecuredPages</web-resource-name> bla bla bla <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>power</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>JBoss JMX Console</realm-name> </login-config> <security-role> <role-name>power</role-name> </security-role> ... login-conf.xml is as follows ... <application-policy name = "webcreator"> <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module-option name = "dsJndiName">java:/mysqlDS</module-option> <module-option name = "principalsQuery">select password from users where username=?</module-option> <module-option name = "rolesQuery">select role 'Role', "Roles" as RoleGroup from access where username=?</module-option> </login-module> </application-policy> ... by changing the above details for securing jmx-console works fine and only the appropriate users have access, so I don't think there is a problem with the DatabasServerLoginModule in login-config.xml. Can anybody help with why it always lets me in, in my webapp. Is there anything else that is required other that jboss-web.xml, web.xml and login-config.xml thanks Mat View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3839388#3839388 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3839388 ------------------------------------------------------- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user