Hi,

I'm very new to this JBOSS and new to java too. I was trying to use the JBOSS & its security feature in JBOSS as I need to migrate my c++ application to java.

I want my server enabled with user login; So I added the form based login to verify the realm. I did the following, but I'm not able to see my login.jsp coming. Its opening all the pages without user authentication. Do I need to do any other thing to enable the client athentication.

Added the following in the webDefault.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Employee Protected Web</web-resource-name>
The following are protected services only accessable by employees
<url-pattern>/Business/*</url-pattern>
<url-pattern>/Employee/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>employee</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyApp Realm</realm-name>
<form-login-config>
<form-login-page>Login.jsp</form-login-page>
<form-error-page>Login.jsp</form-error-page>
</form-login-config>
</login-config>

I jave the login.jsp in the document_root folder.

If I tried to set the needClientAuth=true for the HttpServer in the jetty.xml, I'm not able to see any of the my pages.

But no error in the server.

Let me know if you guys know some solution to this.

-RaM