Hi!
I'd like to create a war with some security constraints!
I modify login-config.xml and I create the database's tables:
<application-policy name="dafne">
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                flag="required">
    <module-option name="dsJndiName">java:/MySqlDS</module-option>
    <module-option name="principalsQuery">SELECT PASSWORD FROM PRINCIPALS WHERE PRINCIPAL_ID=?</module-option>
    <module-option name="rolesQuery">SELECT ROLE,ROLEGROUP FROM ROLES WHERE PRINCIPAL_ID=?</module-option>
  </login-module>
</application-policy>
I create jboss-web.xml:
<jboss-web>
  <security-domain>java:/jaas/dafne</security-domain>
</jboss-web>
And finally I put the web constraints:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected</web-resource-name>
    <url-pattern>/index.jsp</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>
The authentication works well:
xxx.xxx.xxx.xxx - admin [04/Dec/2003:18:28:16 1000] "GET /aaa/index.jsp HTTP/1.1" 403 839
but a 403 will appear:
Access to the specified resource (Access to the requested resource has been denied) has been forbidden
Maybe JBoss can't bind the username to the role...
Why doesn't this work!? What am I missing?!
Help me please!!!
Gio
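
A way to check the table contents against the two queries in the post, as an added example that is not part of the original post: it runs the post's principalsQuery and rolesQuery against a constructed in-memory SQLite stand-in for MySqlDS and models how DatabaseServerLoginModule groups rows by the second rolesQuery column, where the group named Roles is the one checked against the auth-constraint. The sample rows, the password and the helper names are assumptions.

```python
import sqlite3

# The two queries exactly as configured in login-config.xml in the post.
PRINCIPALS_QUERY = "SELECT PASSWORD FROM PRINCIPALS WHERE PRINCIPAL_ID=?"
ROLES_QUERY = "SELECT ROLE,ROLEGROUP FROM ROLES WHERE PRINCIPAL_ID=?"


def make_db(role_rows):
    """Constructed in-memory stand-in for the tables behind java:/MySqlDS."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE PRINCIPALS (PRINCIPAL_ID TEXT PRIMARY KEY, PASSWORD TEXT)")
    db.execute("CREATE TABLE ROLES (PRINCIPAL_ID TEXT, ROLE TEXT, ROLEGROUP TEXT)")
    # Constructed sample user; the post sets no hashAlgorithm option,
    # so the stored value is compared as-is.
    db.execute("INSERT INTO PRINCIPALS VALUES ('admin', 'secret')")
    db.executemany("INSERT INTO ROLES VALUES (?, ?, ?)", role_rows)
    return db


def role_sets(db, user):
    """Group rolesQuery rows by column 2; an empty group name counts as 'Roles'."""
    groups = {}
    for role, group in db.execute(ROLES_QUERY, (user,)):
        groups.setdefault(group or "Roles", set()).add(role)
    return groups


def expected_status(db, user, password, required_role):
    """Modelled outcome for a request to the protected /index.jsp."""
    row = db.execute(PRINCIPALS_QUERY, (user,)).fetchone()
    if row is None or row[0] != password:
        return 401  # authentication fails, BASIC challenge is repeated
    granted = role_sets(db, user).get("Roles", set())
    return 200 if required_role in granted else 403  # role names match case-sensitively


# Constructed ROLES contents: (PRINCIPAL_ID, ROLE, ROLEGROUP).
CASES = {
    "no role rows for the user": [],
    "role stored under another group": [("admin", "admin", "Admins")],
    "role name differs in case": [("admin", "Admin", "Roles")],
    "role in the Roles group": [("admin", "admin", "Roles")],
}

if __name__ == "__main__":
    for label, rows in CASES.items():
        print(label, "->", expected_status(make_db(rows), "admin", "secret", "admin"))
```

A 403 logged with the user name filled in, as in the access-log line above, corresponds to the first three cases: the password matched, but no `admin` entry ended up in the `Roles` group.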