I am currently using JBoss 4.0.4 and try to write my own LoginModule to authenticate to a restricted web resource collection:
<security-constraint> <web-resource-collection> <web-resource-name>SampleApplication</web-resource-name> <url-pattern>/SampleApplication/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>CertifiedUser</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <security-role> <role-name>CertifiedUser</role-name> </security-role>