I looked through the web and found out how to set up form-based authentication. It took a little trying, so I thought I would post my results on how I set up form-based authentication.
I left the login-config.xml basically the same and used the default "other" setting, which was at the bottom of the login-config.xml file.
/home/terry/jboss-3.0.6/server/default/conf/login-config.xml
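<application-policy name = "other">
  <authentication>
    <!-- module-option elements are nested inside their login-module -->
    <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag = "required">
      <module-option name="unauthenticated-identity">who</module-option>
    </login-module>
  </authentication>
</application-policy>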
I used the jboss-web.xml to look at the configuration of "other" in login-config.xml.
jboss-web.xml
<jboss-web>
  <security-domain>java:/jaas/other</security-domain>
</jboss-web>
I made text files to hold my users, passwords and roles: users.properties and roles.properties.
/home/terry/jboss-3.0.6/server/default/conf/users.properties
some=user
/home/terry/jboss-3.0.6/server/default/conf/roles.properties
some=role1
Then in my web.xml file I declared my <security-constraint> and my <login-config>:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/secure</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role1</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/failed_login.html</form-error-page>
  </form-login-config>
</login-config>
I then set up my /login.html page:
Username
Password
And that did it. I hope this helps.
-Piter
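
An added example, not part of the original post: a small Python check for the web.xml constraint shown above. Under the servlet specification, a security-constraint that lists http-method elements covers only those methods, and a url-pattern such as /secure matches that one path only. The function names and the embedded sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security-constraint from the post, wrapped in <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/secure</url-pattern>
      <http-method>DELETE</http-method><http-method>GET</http-method>
      <http-method>POST</http-method><http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>role1</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

COMMON_METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE")

def local(tag):
    """Strip an XML namespace so DTD-based and namespaced web.xml files both work."""
    return tag.rsplit("}", 1)[-1]

def is_exact_match(pattern):
    """Servlet url-pattern rules: only '/x/*', '*.ext' and '/' match more than one path."""
    return not (pattern.endswith("/*") or pattern.startswith("*.") or pattern == "/")

def audit_web_xml(xml_text):
    """Return (resource_name, finding) tuples for each web-resource-collection."""
    findings = []
    root = ET.fromstring(xml_text)
    for coll in (e for e in root.iter() if local(e.tag) == "web-resource-collection"):
        name, patterns, methods = "(unnamed)", [], []
        for child in coll:
            text = (child.text or "").strip()
            if local(child.tag) == "web-resource-name":
                name = text
            elif local(child.tag) == "url-pattern":
                patterns.append(text)
            elif local(child.tag) == "http-method":
                methods.append(text.upper())
        if methods:  # listing methods limits the constraint to those methods only
            uncovered = [m for m in COMMON_METHODS if m not in methods]
            findings.append((name, "not covered by this constraint: " + ", ".join(uncovered)))
        for p in filter(is_exact_match, patterns):
            msg = f"url-pattern {p!r} is an exact match; paths below it need {p.rstrip('/')}/*"
            findings.append((name, msg))
    return findings

if __name__ == "__main__":
    for name, finding in audit_web_xml(SAMPLE_WEB_XML):
        print(f"[{name}] {finding}")
```

A constraint with no http-method elements and a url-pattern of /secure/* produces no findings.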