I have been trying to pull together just a simple example of how to secure a web page. I have a web page called: Secured.html in the directory com/pav/web.

When I attempt to access the Secured.html page, it pops up the Basic Auth dialog. Then, no matter what I type in for username and password, it takes me to the Secured.html screen.

I'm sure that I am missing something really basic, but I am very new to J2EE..

Most of the stuff in the files below are pulled together as best I can figure out from the JBOSS documentation.

Thanks in advance,
--Bruce

------- web.xml --------
<security-constraint>
<web-resource-collection>
<web-resource-name>The Login Stuff</web-resource-name>
<url-pattern>/com/pav/web/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>AuthorizedUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>The Restricted Zone</realm-name>
</login-config>

<security-role>
The role required to access
<role-name>AuthorizedUser</role-name>
</security-role>

--------- jboss-web.xml ----------

<security-domain>java:/jaas/other</security-domain>


---------- the war file ----------
META-INF/
META-INF/MANIFEST.MF
com/
com/pav/
com/pav/web/
com/pav/web/Secured.html
users.properties
roles.properties
WEB-INF/
WEB-INF/web.xml
WEB-INF/jboss-web.xml