hello,
I have a web-application running under JBoss 4.0.1sp1. I use basic authentication on my web-application. It seems like the login mechanism is working fine; I am able to log in to my main web-page. But when I try to access any further pages from there, I get a 401-error (which means unauthorized):

2005-09-21 09:41:19,407 ERROR [STDERR] javax.servlet.jsp.JspException: Exception reading resource http://localhost/sid-admin/topmenu.jsp: java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost/sid-admin/topmenu.jsp

Does anybody have a solution to this? I do believe my URL-pattern is correctly defined?

Here are excerpts from my web.xml and login-config.xml files:

web.xml:

 <!-- Define a Security Constraint on this Application -->
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Entire Application</web-resource-name>
 <description>Security constraint for sid-admin</description>
 <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <role-name>sid-administrator</role-name>
 </auth-constraint>
 </security-constraint>

 <!-- Define the Login Configuration for this Application -->
 <login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>SID Administration</realm-name>
 </login-config>

 <security-role>
 <description>A user allowed to invoke the sid-admin application</description>
 <role-name>sid-administrator</role-name>
 </security-role>

login-config.xml:

 <application-policy name="sid-administrator">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
 <module-option name="dsJndiName">java:/OracleDS</module-option>
 <module-option name="principalsQuery">select password from xyz_user where user_name=?</module-option>
 <module-option name="rolesQuery">select role, 'Roles' from xyz_user_role where user_name=?</module-option>
 </login-module>
 </authentication>
 </application-policy>