Hi,
so I started with this page:
http://wiki.jboss.org/wiki/Wiki.jsp?page=CreateASimpleSecurityDomainForJBossSX, which took me to
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationInJBoss
I have a file named jboss-web.xml in my WEB-INF that contains:

<security-domain>java:/jaas/bfcCheck</security-domain>

Problem is that in the jmx-console, JNDIView, I don't see a java:/jaas/bfcCheck

But the above web page says otherwise.

In login-config.xml (jboss-4.2.1.GA\server\default\conf\) I have added

<application-policy name = "bfcCheck">

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
<module-option name="usersProperties">props/bfcCheck-users.properties</module-option>
<module-option name="rolesProperties">props/bfcCheck-roles.properties</module-option>
</login-module>

</application-policy>

And i configured my web.xml correctly - used BASIC auth-method.
When I request a security-constrained resource, I'm asked for user&passw, but after I hit enter the jboss log says (although I have the properties files in place):

[UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315)


I guess the problem is with the JNDI not having registered java:/jaas/bfcCheck
Can anybody help me please?