0 Replies Latest reply: May 7, 2012 1:04 PM by karin k RSS

security-domain: configuration for authorization

karin k Newbie

Hi everybody


I was playing around a bit with the security subsystem of JBoss AS 7 (version 7.1.1)


For testing purpose I have configured the following in the standalone.xml file


  <security-domain name="other" cache-type="default">


                        <login-module code="Simple" flag="required"/>



                        <policy-module code="DenyAll" flag="required"/>




In my test app (the quickstart helloworld servlet) I can see that for authentication the org.jboss.security.auth.spi.SimpleServerLoginModule is taken as described here https://docs.jboss.org/author/display/AS71/Security+subsystem+configuration.

But I cannot see that the class org.jboss.security.authorization.modules.AllDenyAuthorizationModule is loaded or used.

Is something wrong with my configuration?


Find attached my web.xml file and my standalone.xml file




Thanks for your help