I posted this in the Beginners Forum and then the JAAS forum, but did not get any answers either place. I think that it is a very basic thing, I am just new to JBOSS and J2EE in general.
I have been trying to pull together just a simple example of how to secure a web page. I have a web page called: Secured.html in the directory com/pav/web.
When I attempt to access the Secured.html page, it pops up the Basic Auth dialog. Then, no matter what I type in for username and password, it takes me to the Secured.html screen. I have also exactly replicated this behavior with FORM logins instead of BASIC.
I'm sure that I am missing something really basic.
Most of the stuff in the files below are pulled together as best I can figure out from the JBOSS documentation.
Thanks in advance,
--Bruce
------- web.xml snippet --------
<security-constraint>
<web-resource-collection>
<web-resource-name>The Login Stuff</web-resource-name>
<url-pattern>/com/pav/web/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>AuthorizedUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>The Restricted Zone</realm-name>
</login-config>
<security-role>
The role required to access
<role-name>AuthorizedUser</role-name>
</security-role>
--------- jboss-web.xml ----------
<security-domain>java:/jaas/other</security-domain>
---------- the war file ----------
META-INF/
META-INF/MANIFEST.MF
com/
com/pav/
com/pav/web/
com/pav/web/Secured.html
users.properties
roles.properties
WEB-INF/
WEB-INF/web.xml
WEB-INF/jboss-web.xml