Server Version: JBoss 3.2.5

I am using the jbossweb-tomcat50 that is part of this server. I am not able to setup Authentication using the JNDIRealm. When I use Tomcat as a standalone, independent server (when it is not part of the JBoss bundle) I did the following to setup Authentication:

1) In WEB-INF/web.xml, I set up the security constraints as follows:

<security-constraint>
<web-resource-collection>
<web-resource-name>pempm</web-resource-name>
<url-pattern>order/*</url-pattern>
<url-pattern>*.html</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ACCESS</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>order</realm-name>
<form-login-config>
<form-login-page>/Login.html</form-login-page>
<form-error-page>/LoginError.html</form-error-page>
</form-login-config>
</login-config>

2) In the $CATALINA_HOME/conf/server.xml, I have setup the JNDIRealm which has the LDAP configuration

The above setup works well when I use Tomcat as a standalone server...but, how do I use the JNDIRealm in JBoss? I tried to put all the LDAP information in the login-config.xml and created an application-policy with a name 'order'. In my jboss-web.xml for this webapp, I have included the following line

<security-domain>java:/jaas/order</security-domain>

This didn't work...it takes me to the LoginError.html page (as defined in the web.xml snapshot above)...and I don't see any error messages in the console to try and troubleshoot...

Is there any way to use JNDIRealm of the Tomcat server, when I use jbossweb-tomcat50.sar? or should I depend on the login-config.xml?

If I don't use the jboss-web.xml file, regardless of what I enter in the
username and password field, I get to the Home page, when I hit the login button....

Can anyone help?

Thanks much,
Srini