My stack is as follows :
* JSF 1.2, Facelets, Richfaces 3.2.1
* JAAS - authentication and authorization
* Tomcat 6
Points to note :
1. JAAS is working. I'm able to login into the application.
2. Roles are working. CMA intercepts when I hit a secured resource.
3. Authentication mechanism in web.xml
<login-config> <auth-method>FORM</auth-method> <realm-name>myrealm</realm-name> <form-login-config> <form-login-page>/faces/login/login.jsf</form-login-page> <form-error-page>/faces/login/loginerror.jsf</form-error-page> </form-login-config> </login-config>
I know this thread is not about JBoss per se. There aren't any JAAS fourms that I know of.