OK, took 2 days, but I can almost make it work. (BTW, this stuff works right out of the box on any decent J2EE server. Only JBoss makes it a real challenge with their out-of-date, cryptic documenation. But we do like a challenge...)
The trick is to add the following tag to the jboss-web.xml
And then adding users.properties and roles.properties to the base directory of your classes at WEB-INF/classes. These are described in the source code, and there are sample files in the deployment.
The jaas/other security domain is defined in the login-conf.xml and tells jboss to use the username password in these properties files.
I learned all this by downloading the JBoss source, and adding log statements until I could see what was really going on.
I'm not quite there yet however. The roles.properties file doesn't seem to do the job. Even though I'm getting authenticated, the role is not rolling up to the security constraint in the web.xml...
Sorry about the crack about the out-of-date / cryptic documentation. On the plus side at least there is not much of it.
Turning on basic authentication suitable for a simple dev environment is quite easy. See previous post, and the users.properties and roles.properties must be in the classes directory under WEB-INF.
Where to put my custom defined DatabaseRealm class. The class name is com.rex.DIPDatabaseRealm. In this class i m returning my custom defined Principal. In which Jboss configuration file should i mention this ? and where to put these classes.
When I tried this in standalone Tomcat, it was working fine when i put the CustomPrincipal class in tomcat/server/classes directory.