you should not use Tomcat methods to handle security but JBoss methods.
To do this:
1) Add a file "WEB-INF\jboss-web.xml" to your web project with this content (a security domain is configured, which is something similar to your realm):
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd"> <jboss-web> <security-domain>mysecuritydomain</security-domain> ... </jboss-web>
2) Configure a login module for this security domain. As your user data seems to be defined in a database, use a "org.jboss.security.auth.spi.DatabaseServerLoginModule":
Hope this is enough to get started.
thanks for the tip, will try that, but shouldn't it be posible to use tomcat security methods as well? as far as i know tomcat is a core component of jboss, or am i wrong there?
sorry, but the answer to this question is beyond my knowledge ;-).
I just wanted to provide you with a solution that works for me, and the ClassCastException sounds as if those two authentication methods don't work together.
Hello! I have the same problem. Any idea?