I tried to set up a webapp with basic authentication. I did the following:
1) web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>PrincipalServlet</web-resource-name>
    <url-pattern>/PrincipalServlet</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>ADMIN</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>ZREALM</realm-name>
</login-config>
2) jboss-web.xml:
<?xml version="1.0"?>
<security-domain>java:/jaas/other</security-domain>
The security domain "other" is defined in /conf/login-config.xml.
3) I've copied the files users.properties and roles.properties to the WEB-INF/classes directory.
4) The servlet does the following:
Principal p = req.getUserPrincipal();
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("");
out.println("Principal Test");
out.println("Principal");
out.println("Name: " + p.getName());
out.println("ADMIN: " + req.isUserInRole("ADMIN"));
out.println("ERLAUBT1: " + req.isUserInRole("ERLAUBT1"));
out.println("");
If I access http://localhost:8080/sec_test/PrincipalServlet, I am not asked to enter a username and password, and isUserInRole() returns true in both cases.
What am I doing wrong?
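Added example, not part of the original post: a small audit of the web.xml shown in step 1 that reports which URL patterns, roles and HTTP methods the constraint actually covers. A constraint that lists `<http-method>` elements applies only to those methods, so requests using any other method are not subject to the ADMIN check. The function and constant names, the `<web-app>` root element and the method set are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Assumed set of HTTP methods a container may dispatch; a constraint that
# names methods applies only to those, the rest stay unconstrained.
STANDARD_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed input: the fragments from the post wrapped in a <web-app> root
# (the root element is an assumption; the post shows only the inner elements).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>PrincipalServlet</web-resource-name>
      <url-pattern>/PrincipalServlet</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ADMIN</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ZREALM</realm-name>
  </login-config>
</web-app>"""

def _local(tag):
    """Drop an XML namespace prefix such as '{http://...}web-app'."""
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    return [e.text.strip() for e in elem.iter() if _local(e.tag) == name and e.text]

def audit_web_xml(xml_text):
    """Summarise each <security-constraint>; no <http-method> means all methods are covered."""
    root = ET.fromstring(xml_text)
    auth = _texts(root, "auth-method")
    report = {"auth_method": auth[0] if auth else None, "constraints": []}
    for sc in (e for e in root.iter() if _local(e.tag) == "security-constraint"):
        listed = {m.upper() for m in _texts(sc, "http-method")}
        report["constraints"].append({
            "url_patterns": _texts(sc, "url-pattern"),
            "roles": _texts(sc, "role-name"),
            "unconstrained_methods": sorted(STANDARD_METHODS - listed) if listed else [],
        })
    return report

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML))
```

Removing the two `<http-method>` elements from the constraint makes it apply to every method for `/PrincipalServlet`.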