Hello everyone!

I come with following problem. I'm tring to get on with my security in my application. I've started with the simplest thing I've found - which is SimpleServerLoginModule. I added following lines to login-config.xml:

<application-policy name="simple">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.SimpleServerLoginModule"
 flag="required" />
 </authentication>
</application-policy>

When I restart JBoss, I can't find java:/jaas/simple binding at JNDI. My application comes with error:

HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal

type Status report

message Configuration error: Cannot perform access control without an authenticated principal

description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.

My web.xml part:

...
 <security-constraint>
 <web-resource-collection>
 <web-resource-name> Seam test security</web-resource-name>
 <url-pattern>/*</url-pattern>

 </web-resource-collection>
 <auth-constraint>
 <role-name>user</role-name>
 </auth-constraint>
 </security-constraint>
 <login-conf>
 <auth-method>BASIC</auth-method>
 </login-conf>
...

and jboss-web.xml:

<jboss-web>
 <security-domain>java:/jaas/jbossmq</security-domain>
</jboss-web>

I'm using JBoss4.0.3SP1. I'm stucked with it for few days. Please help...