Did you declare the role in the web.xml?
Thanks Peter for getting back to me. Here's my web.xml:
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
<!-- the entire site is secure (/* = everything) -->
<!-- only users belonging to the "Developer" group may access the site -->
<!-- tell the app server which authentication to use and where to
find the login page -->
<!-- use this for form based authentication -->
<!-- end form based authentication -->
<!-- list the possible security roles -->
Looks perfectly well to me....
think this could be a bug?
i'm not the only one running into this, and its not just with ldap, it with databases too...
> think this could be a bug?
> i'm not the only one running into this, and its not
> just with ldap, it with databases too...
I just wrote a test myself, and it works fine here. I can secure part of the web resources for one role, and request.isUserInRole("developer") returns true.
I'm afraid you are still having something else wrong.
I noticed your realm name is something like java:/jaas etc.
You do know you must specify the security domain in a jboss-web.xml file in the war, right?
I forget to mention that i tested against UsersRolesLoginModule. Maybe it's an idea you try this one also (at least, it could help me helping you ;-))
I got through all of my issues yesterday and today. The documentation on how to setup your directory to utilize the LDAPLoginModule is incorrect. It took going through the server code and debugging the LDAPLoginModule itself, but I got it :)
Now I have authentication and authorization on both EJB methods and the web.