0 Replies Latest reply on Aug 16, 2002 6:19 AM by Matt

    Specifying the security domain for a web app

    Matt Newbie

      Help !

      I can't work out how to specify the security domain for my web app. I'm just trying to run up a basic example that restricts access to a sub dir so I can get a feel for jboss configuration. I've got a DataSource set up and configured the login module in login-config.xml. This seems to be okay as it appears in the JNDIView. However, when I specify it in jboss-web.xml that appears to be ignored. I get the following in the jboss std out -

      10:25:28,080 WARN [JBossUserRealm#default] authentication failure: matt
      10:25:28,080 WARN [Jetty] WARNING: AUTH FAILURE: user matt

      So it looks like JBoss is trying some other realm ? Below are my web descriptors for reference. Any got any ideas ? It's blowing my head off ....

      This is my web.xml -

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
      <web-resource-name>GUI constraint</web-resource-name>
      Security constraint
      Constraint gui
      SSL not required


      The role required to access restricted content

      And jboss-web.xml -

      <?xml version="1.0" encoding="UTF-8"?>
      <!-- Use the JaasSecurityMgr loginWebapp security domain for authentication
      and authorization of secured web content.