i have the same problem......
any ideas??????

mmm
it seems that there is an incomplete answer to the problem here:

http://www.theserverside.com/news/thread.jsp?thread_id=20623#91435

> > You can manually authenticate using JAAS.
>
> Not as far as I found out. You need to write a LoginModule (yes thats JAAS) but you need to use JBoss specific classes such as UsernamePasswordHandler. You need to bind the whole authentication into a SAR using a rather complex mechanizem and its a huge pain. If you got something simple going on then I'd love to hear about it but setting up my authentication was a nightmare.
>
> In this project we need to set up the application and when it starts up place a default "administrator" that can later on add users. I have a UserBean and a RoleBean and I set up the DatabaseServerLoginModule. This sort of works. it requires you to modify the login-config.xml and you have to do it in the JBoss installation directory rather than in the ear itself. You can do a trick with a SAR file but that only works in 3.0.x and not 3.2.x/4.x. I'd rather place everything in the EAR so I won't have to ship JBoss to the clients but rather tell them to download it, this also simplifies the configuration to other team mates. I have an initialize() method in my session bean thats supposed to create the User and do some SQL setup:


Not true, we have been using a configuration-only dynamic security since 3.0.x up to 3.2.2RC2!

It is just a sar file containing only
Meta-inf/jboss-service.xml
Meta-inf/login-config.xml

The sar file is contained in the ear file, to get a single deploy unit.

^Torsten

/** The managment bean interface for the XML based JAAS login configuration object.

@author Scott.Stark@jboss.org
@version $Revision: 1.3.2.1 $
 */
public interface XMLLoginConfigMBean extends ServiceMBean
{
 /** Set the URL of the XML login configuration file that should
 be loaded by this mbean on startup.
 */
 public URL getConfigURL();
 /** Set the URL of the XML login configuration file that should
 be loaded by this mbean on startup.
 */
 public void setConfigURL(URL configURL);

 /** Set the resource name of the XML login configuration file that should
 be loaded by this mbean on startup.
 */
 public void setConfigResource(String resourceName) throws IOException;

 /** Get whether the login config xml document is validated againsts its DTD
 */
 public boolean getValidateDTD();
 /** Set whether the login config xml document is validated againsts its DTD
 */
 public void setValidateDTD(boolean flag);

 /** Get the XML based configuration given the Configuration it should
 delegate to when an application cannot be found.
 */
 public Configuration getConfiguration(Configuration prevConfig);

 /** Add an application login configuration. Any existing configuration for
 the given appName will be replaced.
 */
 public void addAppConfig(String appName, AppConfigurationEntry[] entries);
 /** Remove an application login configuration.
 */
 public void removeAppConfig(String appName);

 /** Load the login configuration information from the given config URL.
 * @param configURL A URL to an XML or Sun login config file.
 * @return An array of the application config names loaded
 * @throws Exception on failure to load the configuration
 */
 public String[] loadConfig(URL configURL) throws Exception;
 /** Remove the given login configurations. This invokes removeAppConfig
 * for each element of appNames.
 *
 * @param appNames the names of the login configurations to remove.
 */
 public void removeConfigs(String[] appNames);

 /** Display the login configuration for the given application.
 */
 public String displayAppConfig(String appName);
}