My configuration is as such:
JBoss-2.4.3_Tomcat-3.2.3 bundle running on Windows 2000.
I have a functioning application (EAR file) deployed under jboss that uses forms based authentication with a mysql database.

I am serving regular html and web content from tomcat (no Apache right now), and have a need to use JBoss security to protect static html files in the webapps directory of tomcat. These are simple html files that editors will have to revise without redeploying an application every time. I would like to use the same security domain as my functioning application.

Am I approaching this the wrong way? Is it possible to protect web content (html, gif, etc.) without "deploying" an application, and if so, how is this done?

On a side note, I would eventually like to use Apache in front of my tomcat/jboss. Perhaps there is an easy way to accomplish my goals with this configuration???

Thanks for any replies.

-Travis
Software Engineer