1 Reply Latest reply on May 7, 2002 3:12 PM by uglyhead69

JBoss 3.0 RC1 ignores my .war file's security-constraint

uglyhead69 May 6, 2002 5:38 PM

The subject sort of says it all. I have a .war file that is successfully deployed, it contains a security constraint to restrict everything under a certain directory to an admin role. When I access those resources, I am not presented with a dialog box to enter a username or password. The auth-method is set to BASIC, and my users.properties and roles.properties files are located in $JBOSS_HOME/server/default/conf

I have not changed anything else. It is my understanding that authentication should default to org.jboss.security.auth.spi.UsersRolesLoginModule. At the very least, if I have specified a security-constraint, shouldn't JBoss disallow access to the url-pattern even if it can't find an authorization mechanism?

I should also mention that I have tried placing the users.properties and roles.properties files in various places which I will list here, but JBoss gives me no indication of ever finding them, or looking for them in any of the logged output, list follows:

$JBOSS_HOME/lib
$JBOSS_HOME/server
$JBOSS_HOME/server/default
$JBOSS_HOME/server/default/deploy
$JBOSS_HOME/server/default/conf
My system classpath
under WEB-INF/classes in the deployed .war

Thanks for reading,
Matt

1. Re: JBoss 3.0 RC1 ignores my .war file's security-constraint

uglyhead69 May 7, 2002 3:12 PM (in response to uglyhead69)

Answering own question... I didn't have a jboss-web.xml file.
Actions