When I attempt to use FORM authentication, I change <auth-method> to FORM and uncomment <form-login-config>. My login form is displayed. I enter valid user credentials and the <form-error-page> is displayed. From the logging that I have included in my custom login module, I know that it is not being accessed.

I really would like to get an answer to this problem. While BASIC authentication works, it has a nasty side-effect due to the fact that the user credentials are cached in the browser.

Been offline while setting up a new computer. Before I created my custom login module, I tried the DatabaseServerLoginModule. I had the same problem. I created the custom login module so that I could attempt to track down the location of the problem.

I have been out-of-pocket and without Internet access. My primary objective is to use FORM Authentication. I do not necessarily need to use my custom login module. I only created it because the DatabaseLoginServerModule was not logging enough tracing information.

The central issue is that whenever I try to use FORM Authentication the logging always fails redirecting to the <form-error-page>. It appears that j_security_check never uses the specified security-domain. Is there something missing from the snippets that I originally provided?

I wish that I could get an answer on this issue. I know that there is a "duh" in the configuration but I cannot find it. Based on the number times this posting has been viewed, I assume that it is a common question.

I do not get it. I added

<category name="org.jboss.security">
 <priority value="TRACE" class="org.jboss.logging.XLevel"/>
 </category>

<application-policy name = "client-login">
 <authentication>
 <login-module code = "org.jboss.security.ClientLoginModule"
 flag = "required">
 </login-module>
 <login-module code = "com.fdsolutions.security.module.LoginModule"
 flag = "required">
 </login-module>
 </authentication>
 </application-policy>

<jboss-web>

 <security-domain>java:/jaas/client-login</security-domain>
 <context-root>/myapp</context-root>

 <!-- Resource Environment References -->

 <!-- Resource references -->

 <!-- EJB References -->

</jboss-web>

<security-constraint>
 <display-name>Server Configuration Security Constraint</display-name>
 <web-resource-collection>
 <web-resource-name>Protected Area</web-resource-name>
 <url-pattern>*.jsp</url-pattern>
 <url-pattern>*.do</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <role-name>user</role-name>
 </auth-constraint>
 <user-data-constraint>
 <transport-guarantee>NONE</transport-guarantee>
 </user-data-constraint>
 </security-constraint>
 <login-config>
 <auth-method>FORM</auth-method>
 <realm-name>FDS</realm-name>
 <form-login-config>
 <form-login-page>/login.jsp</form-login-page>
 <form-error-page>/login-error.html</form-error-page>
 </form-login-config>
 </login-config>
 <security-role>
 <description>The role that is required to log in to the application</description>
 <role-name>user</role-name>
 </security-role>

<%@ page language="java" isThreadSafe="true" isErrorPage="false" %>

<html locale="true">
 <SCRIPT language="JavaScript">
 <!--
 top.location.target = "_top"
 if ( window.location.target != "_top" ) {
 top.location.href = window.location.href
 }
 // -->
 </SCRIPT>
 <head>
 <title>First Degree Solutions, LLC</title>
 <link rel=StyleSheet href="myapp.css" type="text/css" media=screen>
 </head>
 <body>
 <h1>Login</h1>
 <br/>
 <center>
 <form method="POST" action='<%= response.encodeURL( "j_security_check" ) %>' >
 <table>
 <tr>
 <th>Username:</th>
 <td><input type="text" name="j_username" size="15"/></td>
 </tr>
 <tr>
 <th>Password:</th>
 <td><input type="password" name="j_password" size="15"/></td>
 </tr>
 <tr/>
 <tr>
 <td colspan="2" align="right">
 <input type="submit" value="Submit"/>
 </td>
 </tr>
 </table>
 </form>
 </center>
 </body>
</html>