I'm having a bit of trouble using JAAS for security in JBoss 3.0. I've managed to connect Tomcat to JBoss and and have defined security roles and method permissions. I've run this application under the JBoss2.4.3_Tomcat3.2.3 package and it works perfectly. Now when I try to port it to JBoss 3.0 I recieve an error while attempting to load my web page


[23:36:15,311,StatefulSessionContainer] invoke returned an exception java.rmi.ServerException: Configuration Error: Invalid control flag, unauthenticatedIdentity; nested exception is: java.lang.SecurityException: Configuration Error: Invalid control flag, unauthenticatedIdentity
at com.sun.security.auth.login.ConfigFile.getAppConfigurationEntry(Confi gFile.java:221)
at javax.security.auth.login.LoginContext.init(LoginContext.java:176) at javax.security.auth.login.LoginContext.(LoginContext.java:339) at javax.security.auth.login.LoginContext.(LoginContext.java:454) at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecur

On the web page itself I recieve a nullPointerException when trying to lookup a session bean.
Is the setup for security different in any way in JBoss 3.0? My application is set up exactly like in the JAAS howto example and works fine in JBoss 2.4.3.
What gives?