3 Replies Latest reply on Aug 3, 2002 1:09 PM by dmitry_ame

    Authentication in JBoss3.0.0


      Hello, folks. I'm having some troubling setting up authentication for a web app in JBoss 3.0.0 (3.0.0beta2(200204161011), checked out from CVS an hour ago).

      I have an app (deployed under context /af) that needs to be secured. Here's the web.xml and jboss-web.xml portion relative to security:
      <!-- web.xml -->
      A aplicação inteira


      <!-- jboss-web.xml -->

      I also modified login-config.xml. Here's the realm configuration for this app:
      <application-policy name="TeledataRealm">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule">
      <module-option name="dsJndiName">java:/TeledataDS</module-option>
      <module-option name="principalsQuery">
      SELECT senha FROM agentes WHERE login = ?
      <module-option name="rolesQuery">
      SELECT role_name, role_group FROM roles WHERE role_agen_login = ?


      When accessing my app, the browser's login windown DOES popup. However, it accepts any user/password combination, including nonexistant users.

      Anyone can shed some light into my problem?