basic-auth broken ----------------- Key: JBWEB-66 URL: http://jira.jboss.com/jira/browse/JBWEB-66 Project: JBoss Web Issue Type: Bug Security Level: Public (Everyone can see) Affects Versions: JBoss Web Server 1.0.0 GA Environment: Linux Reporter: Mark Stewart Assigned To: Mladen Turk Assuming that Jboss Web is configured identically to the web container in AS, it seems that basic-auth support is broken. That is, the server doesn't send a 401 for protected urls. Here's the post I made three weeks ago on the Jboss Web Server forum: "I have a webapp I usually run in JBoss AS that I'm trying to get running under JBossWeb. I've added the same entry to login-module.xml in the default/conf/ directory and a jboss-web.xml file whose <security-domain> tag points at the entry in default/deploy/<my-web-app.war>/WEB-INF. JBossWeb doesn't block the access to the protected pages, however." This is tested by the J2EE CTS so I guess JBossWeb wasn't tested against it (or the failure was ignored) prior to the GA release. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira