We are using jboss 3.2.3 and using a security contraint for NTLM. We can authenticate fine. But once authenticated, our forms that have 'input' fields on them are 'lost' when submitted.
They are being submitted with an action="post".
If I remove the security constraint, the application works fine. (minus the fact no security is performed)

If I use ieHttpHeader utility tool, I see the posted data when I am not securing the application, but when I turn security back on, the posted data is not present any longer on the request.

1-where is the data being lost? What is not putting the posted data on the request?
2-How can I correct.

Thanks

Security contains in web.xml is:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secured Content</web-resource-name>
Require users to authenticate
<url-pattern>/secure/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
Only allow Authenticated Users role
<role-name>Users</role-name>
</auth-constraint>
<user-data-constraint>
Encryption is not required for the application in general.

<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

JBoss-web.xml looks like:
<jboss-web>
<security-domain>java:/jaas/pdk-eiam-security</security-domain>

<ejb-ref>
<ejb-ref-name>ejb/UserInfoSession</ejb-ref-name>
<jndi-name>ejb/UserInfoSession</jndi-name>
</ejb-ref>

</jboss-web>