PLEASE! I'm in pain!
I've read every line of the Admin Guide, Scott's JavaWorld article, and somebody's post on JavaRanch at least four times. I've read over 100 posts to this forum looking for clues, and I've found lots of people frustrated with security, but little in the way of answers. I've resorted to hours upon hours of changing lines in my deployment that I know won't make a difference, and they don't. I'm trying to switch my production app from BEA to JBoss next week, but I'm stumped!
What I don't get is this: In my web.xml I specify the role for an auth-constraint. Is this the exact same role that needs to be returned from my rolesQuery Role and/or RoleGroup? In classic J2EE fashion, shouldn't there be some mapping between a role specified in the web.xml to a role in my deployment environment? If so, how do I do this? Returning the same value doesn't seem to work, unless I've unwittingly messed that up somehow...
On another note, Scott originally wrote his JavaWorld examples for 2.4. Do they work verbatim in 3.2?
OK. Finally, I found the secret key.
The answer, as some of you on the inside have already guessed, was that there is a second column to the rolesQuery with a constant value of 'Roles', the only value that JBoss accepts.
Now that I know the answer, I can see in the Admin book where the constant value was used, but nothing was said about why it was there, and there was no special attention drawn to these obscure little bytes. Scott's JavaWorld article did not have this constant, and no mention of RoleGroup except in the example for UsersRolesLoginModule.
Forgive me for being new, but is it possible to add one line to the Admin PDF that draws attention to this at the bottom of page 417? I see that there are other careless souls who have made my mistake, and surely more to come.
Agreed, I'm actually trying to find out what the difference is between role and role group. Would you have an explanation you'd be willing to share?
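The fix described in this thread, shown as a login-config.xml fragment. This is an added example, not configuration posted by anyone in the thread; the security domain name, datasource JNDI name, and table and column names are constructed placeholders.

```xml
<policy>
  <!-- "example-domain" is a placeholder security domain name -->
  <application-policy name="example-domain">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                    flag="required">
        <!-- Placeholder datasource; point this at the real user store -->
        <module-option name="dsJndiName">java:/ExampleDS</module-option>

        <!-- Returns the stored password for the login name (constructed schema) -->
        <module-option name="principalsQuery">
          select passwd from Users where username=?
        </module-option>

        <!-- Form that fails as described in the thread: only one column,
             so there is no RoleGroup value for the login module to read:
               select userRole from UserRoles where username=?
        -->

        <!-- Working form: column 1 is the Role, column 2 is the RoleGroup.
             The thread's fix is the constant 'Roles' in column 2.
             Column 1 carries the same role name that web.xml lists under
             auth-constraint/role-name. -->
        <module-option name="rolesQuery">
          select userRole, 'Roles' from UserRoles where username=?
        </module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
```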