Hi,

I am trying to get an application working that communicates between JBOSS server and a client via HTTP. Basically this works fine. But now I am facing a problem.
I want to secure the JNDI lookup by using the default security constraint defined in the web.xml of the invoker.war in the http-invoker.sar.
But when my java client tries to make a look up following error message appears in the server log:

Code:

2007-07-24 16:42:03,612 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties,
 users=[user, timerecorder]
2007-07-24 16:42:03,612 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties,
 users=[timerecorder]
2007-07-24 16:42:03,612 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for u
sername=null
2007-07-24 16:42:03,612 DEBUG [org.jboss.ejb3.security.Ejb3AuthenticationInterceptor] Authentication
 failure
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

This is strange as my client provides proper credentials!

Code:

env.put(InitialContext.PROVIDER_URL, "http://myhost/invoker/restricted/JNDIFactory");
env.put(InitialContext.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
env.put(InitialContext.SECURITY_PRINCIPAL, "username");
env.put(InitialContext.SECURITY_CREDENTIALS, "password");
env.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");

try
{
 ctx = new InitialContext(env);
}
catch (NamingException e1)
{
 e1.printStackTrace();
}

The LoginModule seams to be correct as it works when I use
org.jboss.security.jndi.JndiLoginInitialContextFactory for example!

Do I miss something?