I want Jboss to handle security only for access to web resources (not EJB) but I can't get the SecurityInterceptor to forward to the security domain I have defined (Tomcat 4.01 Jboss 2.4.4)
I have set the following in web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure</web-resource-name>
<url-pattern>/test/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>AutoDiscount</role-name>
</auth-constraint>
</security-constraint>
but haven't set any login-config (i want to have a custom login) - can that work?
I have also set the security-domain in jboss-web.xml and written the server module referenced for this domain in auth.conf
My login page is not protected under this security. When I submit the form of login details I want to forward to a secure area, after authentication. At the moment I get the message:
Cannot perform access control without an authenticated principal
How can I use JBossSX to fire off the login method of my Login module with the form information when I try to access pages restricted by web.xml?