Yes, it is there. It is the second one from the bottom, right above "other".

> I don't see (yet) anything wrong. I'll have a closer
> look later today. For now, let me just check a few
> points:
> - you are using a standard JBoss 3.x installation
> (with integrated jetty)

Yes.

> - when surfing to a page in the /restricted dir, you
> do get a login form and the actual login succeeds or
> seems to succeed. if so: which username/password? how
> can it be validated, is it using a
> usersrolesloginmodule, or..>?

No, the login fails and my error pages shows up.

> - the problem you have is that your custom module is
> not called (and you'r confident about this ;-)

Yes, this is the problem. As currently coded my custom login module could be expected to fail. It is not complete. However, none of the logging messages associated with failure appear. And, as I said in an earlier message when I changed the access-panel domain to use one of your pre-built authenticators, it failed in exactly the same way, with exactly the same log message.

> - did you try it with a restarted jboss? you know
> login results are cached by jboss and therefore
> tracing might fool you ....

Yes, I restarted it several times. That did not make any difference.

Steve

I noticed that but I did not know what to put in for the realm name - also the DTD comments say that realm-name is only needed for BASIC method logins, not FORM method logins. I am willing to try it, but what realm-name should I use? Does it have to match up with some other name in some other file?

All right. I have added a realm-name to web.xml. I have also modified login-config.xml to point to a new Custom logging module that I have written that breaks it all down to the barest essentials - it either always succeeds or always fails depending on the config parameters. All methods are supposed to write to the log, regardless. At present, it is configured to always fail. It throws no excpetions.

None of this has made any difference. No logging messages are emitted from my module. I am now 100% convinced my module is never being seen.

I have attached all relevant files including the log.

Where to go from here? Is there any way to see within the Security Manager to see what it thinks is going on?

Where should my login module live? Right now it lives in a jar in <jboss-home>/server/default/lib (this is deployed on my default server.

I don't know what else to try.

I DID attach all the relevant files I referred to in my previous post but either my browser or your forum application ate them. Let's try again.

Can anyone tell me where, if anywhere in the JMX console I might go to find anything useful? None of the entries under jboss.security tell me what I want to know.

Oh, in case you haven't been able to figure it out from the log, this is on jboss-3.0.6. The platform it is deployed on is SuSE Linux 8.0 (where I built JBoss from source). The java version is

Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1_05-b02)

> The java version is
>
> Java(TM) 2 Runtime Environment, Standard Edition
> (build 1.3.1_05-b02)

Could this be the problem? Is there anything special I must do to use jaas in jboss with jdk-1.3???

Oops, was using a bad login-config.xml. However, fixing this and restarting jboss did not solve the problem. Corrected login-config.xml attached.