0 Replies Latest reply on Jul 15, 2003 6:12 AM by shmel

    Why it does not work?

    shmel Newbie

      Hello!
      I am trying to add authentication to my servlet.

      Here are my descriptors:

      web.xml:
      ...
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>ViewStats</web-resource-name>
      <url-pattern>/view-stat</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>developer</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Viewing statistics.</realm-name>
      </login-config>

      <security-role>
      <role-name>developer</role-name>
      </security-role>
      ...

      jboss-web.xml:

      <jboss-web>
      <security-domain>java:/jaas/Administration</security-domain>
      </jboss-web>

      login-config.xml:
      ...
      <application-policy name = "Administration">

      <login-module code = "org.jboss.security.auth.spi.UserRolesLoginModule" flag="required">
      <module-option name="userProperties">spl.users</module-option>
      <module-option name="roleProperties">spl.roles</module-option>
      </login-module>

      </application-policy>
      ...

      But when I start the servlet it works even if I use the wrong name and password. I tried used DatabaseLoginModule with the same result.

      Please, what is my mistake?