I just followed the tutorial for JAAS and tried implementing my own protection of my sample webapp. Everything seems to work okay, but no matter what i put for a password or login (valid or not), i am able to access my page?
Is there a way to turn up logging so taht i can see what the problem is behind the scenes.
I tried to break it by referencinng a non-existent policy name in my jboss-web.xml. but it still went thru w/o any errors?
if i have a servlet/jsp only web app. do i only package web.xml and jboss-web.xml in my war?
my jboss-web.xml is really simple and wonder if that is contributing to the problem.
it looks like:
<?xml version="1.0" encoding="UTF-8"?>
Turn on TRACE level logging on the org.jboss.security category in log4j.xml:
<category name="org.jboss.security"> <priority value="TRACE" class="org.jboss.logging.XLevel"/> </category>