Hi,

I want to configure my application policy. I use jboss 4.2.3 GA for windows o.s.

I insert into login-config.xml this code:

    <application-policy name="myPolicy">
       <authentication>
          <login-module code="org.jboss.security.ClientLoginModule" flag="required">
             <module-option name="dsJndiName">java:/MyDS</module-option>
             <module-option name="principalsQuery">SELECT password FROM account WHERE username=?</module-option>
             <module-option name="rolesQuery">SELECT distinct(ruolo), 'Roles' FROM ruolo</module-option>
          </login-module>
       </authentication>
    </application-policy>

"SELECT distinct(ruolo), 'Roles' FROM ruolo" is test query, after I change it.

My web.xml is:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>MyRole</role-name>
        </auth-constraint>
    </security-constraint>
   
    <security-role>
        <role-name>MyRole</role-name>
    </security-role>

My jboss-web.xml is:

<jboss-web>
  <security-domain>java:/jaas/myPolicy</security-domain>
</jboss-web>

My problem is:

I login in my system correctly. Infact, if i use getRemoteUser, I read my username, but if I access my protect page, I get 403 error!

I have used other policy and it run.

    <application-policy name="myProfile">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
           <module-option name="usersProperties">my-users.properties</module-option>
           <module-option name="rolesProperties">my-roles.properties</module-option>
          </login-module>
       </authentication>
    </application-policy->

Can help me please?

Thanks