Hello!
I am trying to add authentication to my servlet.
Here are my descriptors:
web.xml:
...
<security-constraint>
<web-resource-collection>
<web-resource-name>ViewStats</web-resource-name>
<url-pattern>/view-stat</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>developer</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Viewing statistics.</realm-name>
</login-config>
<security-role>
<role-name>developer</role-name>
</security-role>
...
jboss-web.xml:
<jboss-web>
<security-domain>java:/jaas/Administration</security-domain>
</jboss-web>
login-config.xml:
...
<application-policy name = "Administration">
<login-module code = "org.jboss.security.auth.spi.UserRolesLoginModule" flag="required">
<module-option name="userProperties">spl.users</module-option>
<module-option name="roleProperties">spl.roles</module-option>
</login-module>
</application-policy>
...
But when I start the servlet it works even if I use the wrong name and password. I tried used DatabaseLoginModule with the same result.
Please, what is my mistake?