0 Replies Latest reply on Jul 8, 2002 11:30 AM by james elliot

    invoking SecurityInterceptor Tomcat 4.0

    james elliot Newbie

      I want Jboss to handle security only for access to web resources (not EJB) but I can't get the SecurityInterceptor to forward to the security domain I have defined (Tomcat 4.01 Jboss 2.4.4)

      I have set the following in web.xml:

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Secure</web-resource-name>
      <url-pattern>/test/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>AutoDiscount</role-name>
      </auth-constraint>
      </security-constraint>

      but haven't set any login-config (i want to have a custom login) - can that work?

      I have also set the security-domain in jboss-web.xml and written the server module referenced for this domain in auth.conf

      My login page is not protected under this security. When I submit the form of login details I want to forward to a secure area, after authentication. At the moment I get the message:

      Cannot perform access control without an authenticated principal

      How can I use JBossSX to fire off the login method of my Login module with the form information when I try to access pages restricted by web.xml?