Have a look at the online manual at:
This is an example of JAAS based security in Jboss. Jump down to the chapter 'Deploy a Secured J2EE Ear', download the sample code and follow the instructions. It should have you running FORM based authentication (with JAAS and EJBs) in just 30 minutes.
When stuck, it usually helps for the motivation to see something that does works. It builds confident that you will later be able to find out WHY!!
Reading thru it, I got it to work AND I understand HOW it works. I was not aware of this document, but then again, I was trying to figure this all out late in the evening, under a "gun" to get something going.
Next topic for me to try is authenticating users against a database, but the example covers that as well..
Unfortunately they took the link off line: http://www.jboss.org/online-manual/HTML/ch12s78.html
If someone have the working example of authntication in jboss3, please help.
Please include followinf files in the example:
these examples have gone....and although we are buying the doc we do not have it yet...could you email them??
I am wondering which manual this was, I bought the 3.0 admin doc last year and there is a security chapter, but it does not appear to have the examples you mention not the 'Deploying a secure ear file' chapter. Is it the 2.4 book? or have they significantly updated the manual I bought last year?
it was the free 2.x manual maintained by a volunteer, you can still access it through the google cache, give it a try, it might help
btw, to get JDBC login working (very briefly, I don't have much time now, but maybe this might already help) :
1. configure web.xml to protect you resources, add login-form pages, use the asterisk to denote all roles may access the pages once the user is authenticated
2. in login-config.xml create a new realm using DatabaseServerLoginModule, enter the queries to get the roles from the DB, you will need to write SQL here
3. write jboss-web.xml to use this realm as a security domain
4. in jbosscmp-jdbc also use this realm
5. in ejb-jar use the roles for method level permissions
a good advice:
use google to search for 'DatabaseServerLoginModule' this will return some links to Scott Stark's very detailed but (efficiently written) documentation
IBM and BEA have good documentation online, you might find something there, if you find some links through Google we sure to check them out, often they have good examples
read the JBoss QuickStart for JBoss 3.x (freely downloadable from the file list on sourceforge)
you can find my configurations online here:
Thanks and your examples deployment descriptors were also helpful