I try to configure a webapplication to use declarative security on jboss-3.2.1_tomcat-4.1.24
My application runs with https protocol and the
"org.jboss.security.auth.spi.DatabaseServerLoginModule" on HSQLDB.
When I use FORM based login and try to connect to a secured web ressource JBoss prompts me the loginformular.
If I login with the right username and password I can use all functions my Enterprisebeans offer.
When I login with a unregistered name JBoss shows me the restricted site, but errors occur when I try to use a secured function of my enterprise beans.
(When I try the authentication with BASIC login no window appears for username and password!!!)
It makes me mad!
Tomcat does not check my input against my userrealm and also doesnt try to connect to the database to figure out whether the user has the right to see the restricted pages!
(I tested my .war in Tomcat standalone, in the logfile i can see that Tomcat checks my input against his "userdatabase" for simplicity i took tomcat-users.xml for that test)
Where can I map the Tomcat login check to the JBoss realm I created?
I also have no idea what tomcat does with the input i onlyknow that it is written in the sessionobject, because JBoss checks the values from my login against the database, is there a special Tomcat log and can I increase the verbositylevel?
Thankful for every hint!!!!