the jboss-web.xml file does not exist until you write one. If it's just for securing the web app, this one should suffer:
This file is placed where the web.xml also lives, that is WEB-INF subdirectory in the web archive file.
In the login-conf.xml, you define all usable security domains, in the jboss-web.xml you refer to a special one (must be previously defined, of course).
Hope that helps
I asume your ear-file contains a war-file.
Just put the jboss-web.xml along with your web.xml in there.
The jboss-web.xml looks like this:
The "yourloginmodule" referres to the name that you have used in the login-config.xml file.
if you have already been helped, nevermind. otherwise...
you need to create a jboss-web.xml file and it will have a single entry (for these purposes anyway):
where "client-login" is the name of whichever security domain you want to use.
jboss-web.xml should be placed in the WEB-INF directory of your war file.
i wrote an article about this with some sample code at:
in the article, i refer to a couple of java world articles that are quite helpfull - one on JBossSX written by the main security developer. it is at: http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas.html