Hi

Acc. to http://jira.jboss.com/jira/browse/JBAS-4149, the deployment role mapping can be specified in the deployment descriptor. But the authorization doesn't work for wars. I can authenticate fine.

I have a very simple war with just the index.jsp and I am using the LdapLoginModule. The security settings are :

web.xml
---------
<security-constraint>
<web-resource-collection>
<web-resource-name>ESS Security </web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Role1</role-name>
</auth-constraint>
</security-constraint>

<security-role>
<role-name>Role1</role-name>
</security-role>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>ESSJaasLDAPRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>


jboss-web.xml
---------------
<security-domain>java:/jaas/ESSJaasLDAPRealm</security-domain>
<security-role>
<role-name>Role1</role-name>
<principal-name>LWAAO_ITArchManager</principal-name>
<principal-name>LWAPR_PortalUsers</principal-name>
<principal-name>GWATB_Architecture</principal-name>
</security-role>


Also tried wrapping the WAR in a EAR but that did not help either. Does this new feature work only for EJBs ?

thanks,
Rajesh