I am trying to have my applet login back to the server on which the war containing the applet is deployed. When I try to execute the following code inside the applet:

System.setProperty ("java.security.auth.login.config", "jaas.config");
AppCallbackHandler handler = new AppCallbackHandler( userName, password );
LoginContext lc = new LoginContext("TestClient", handler);
lc.login();

I get the following exception:
Login failed java.lang.SecurityException: unable to instantiate LoginConfiguration

java.lang.SecurityException: unable to instantiate LoginConfiguration
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:212)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:166)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:163)
at javax.security.auth.login.LoginContext.(LoginContext.java:319)


I read that the LoginContext constructor will throw a SecurityException if it does not have permission to access the config file, but I have granted all permissions to the applet:

grant codeBase "http://localhost:8080/-" {
permission java.security.AllPermission;
};

I am not sure if the context is having a problem finding the config file--I have it located at the root in the same jar in which my applet exists.

Do I need to locate the file somewhere else?

I have gotten this to work for a stand-alone (non-applet) client, so I know that my config file and AppCallbackHandler should not be the problem.

Thanks.