1 Reply Latest reply on Jan 11, 2004 1:34 AM by elfuhrer

    LdapLoginModule

    mozheyko_d

      I use JBoss 3.2.2 and I configured an application-policy with LdapLoginModule for my application.

       <application-policy name="my_ldap">
         <authentication>
           <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
             <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
             <module-option name="java.naming.provider.url">ldap://ldap-server:389/</module-option>
             <module-option name="java.naming.security.authentication">simple</module-option>
             <module-option name="principalDNPrefix">uid=</module-option>
             <module-option name="principalDNSuffix">,ou=People,dc=mycompany,dc=com</module-option>
             <module-option name="uidAttributeID">memberUid</module-option>
             <module-option name="roleAttributeID">cn</module-option>
             <module-option name="roleNameAttributeId">cn</module-option>
             <module-option name="roleAttributeIsDN">false</module-option>
             <module-option name="matchOnUserDN">false</module-option>
             <module-option name="rolesCtxDN">ou=Group,dc=mycompany,dc=com</module-option>
             <module-option name="unauthenticatedIdentity">nobody</module-option>
           </login-module>
         </authentication>
       </application-policy>


      I try to access my web application in the browser:

      1) if I use a correct username and correct password, ALL WORKS - OK
      2) if I use a correct username and an INcorrect (not blank) password, the AUTH DIALOG OPENS AGAIN - OK
      3) if I use an INcorrect username and any (not blank) password, the AUTH DIALOG OPENS AGAIN - OK
      4) if I use an INcorrect username and a blank password, TOMCAT PAGE "ACCESS DENIED" - I allow that, OK
      5) if I use a correct username and a blank password, ALL WORKS !!! :(

      This does not suit me.


      Is this normal behaviour?
      Maybe I forgot some flag/attribute?




        • 1. Re: LdapLoginModule
          elfuhrer

          Your LDAP server is configured to allow anonymous access. Disable anonymous access and then you're OK. However, I would like to know which LDAP server this application-policy is configured against?
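The mechanism behind case 5 and the reply, shown as an added example that is not code from the thread or from JBoss: an LDAP simple bind with an empty password is an unauthenticated bind, so a server that permits anonymous access answers "success" without checking the DN, and a login module that only looks at the bind result treats that as a valid login. The bind function and the directory contents below are constructed stand-ins; the DN prefix/suffix mirror the thread's module-options, and the `guard` parameter is the check a login module needs in front of the bind.

```python
# Constructed stand-in for an LDAP server (DN -> password). In the thread this would be
# the real directory queried over ldap://ldap-server:389/.
FAKE_DIRECTORY = {
    "uid=alice,ou=People,dc=mycompany,dc=com": "s3cret",
}

# Mirrors the thread's principalDNPrefix / principalDNSuffix module-options.
PRINCIPAL_DN_PREFIX = "uid="
PRINCIPAL_DN_SUFFIX = ",ou=People,dc=mycompany,dc=com"


def fake_simple_bind(dn: str, password: str, allow_anonymous: bool) -> bool:
    """Model of an LDAP simple bind (RFC 4513, section 5.1).

    A simple bind with a DN and an EMPTY password is an "unauthenticated" bind:
    the server does not verify the DN at all and, when anonymous access is enabled,
    returns success. That is the thread's case 5 (correct user + blank password).
    """
    if password == "":
        return allow_anonymous  # nothing was checked; this is only an anonymous session
    return FAKE_DIRECTORY.get(dn) == password


def login(username: str, password: str, allow_anonymous: bool, guard: bool = True) -> bool:
    """Login-module style check: build the user DN and bind with the supplied password.

    With guard=True an empty (or whitespace-only) password is rejected BEFORE the bind,
    so the server's anonymous-bind setting can no longer turn into a successful login.
    guard=False reproduces the behaviour the thread describes.
    """
    if guard and (password is None or password.strip() == ""):
        return False
    dn = f"{PRINCIPAL_DN_PREFIX}{username}{PRINCIPAL_DN_SUFFIX}"
    return fake_simple_bind(dn, password or "", allow_anonymous)
```

Two independent fixes follow from the model: disabling anonymous access on the server (the reply's advice, `allow_anonymous=False`) and refusing empty passwords in the login module (`guard=True`); a defender should want both, since either one alone is a single point of failure.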