Hi all, Following some hints, tips, articles I'm trying to develop a small sample using JAAS & JBoss. I think I have understood the concepts, but when I start to code, things became hard... hehehe. Maybe I have forgot something... I don't know exactaly. According what I have read, I proceed like this: Step 1: Declare a new application policy in login-config.xml at conf dir: | <application-policy name = "jaas-webapp-domain"> | <authentication> | <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" | flag = "required"> | <module-option name = "unauthenticatedIdentity">pirata</module-option> | <module-option name = "dsJndiName">jdbc/jaasDS</module-option> | <module-option name = "principalsQuery">SELECT PASSWORD FROM USERS WHERE LOGIN=?</module-option> | <module-option name = "rolesQuery">SELECT LOGIN, 'Roles' FROM ROLES WHERE LOGIN=?</module-option> | </login-module> | </authentication> | </application-policy> Step 2: Modify web.xml file: | <security-constraint> | <web-resource-collection> | <web-resource-name>página dos pebas</web-resource-name> | <url-pattern>/peba/*</url-pattern> | </web-resource-collection> | <auth-constraint> | <role-name>peba</role-name> | </auth-constraint> | </security-constraint> | | <security-role> | <role-name>peba</role-name> | </security-role> | | <login-config> | <auth-method>BASIC</auth-method> | <realm-name>jaas-webapp-realm</realm-name> | </login-config> Step 3: add jboss-web.xml inside WEB-INF dir. Like this: | <?xml version="1.0" encoding="UTF-8"?> | <jboss-web> | <security-domain>java:/jaas/jaas-webapp-domain</security-domain> | </jboss-web> I have tried to write de sql to query principals in a WRONG WAY (i.e. missing table name after from keywork, missing where keyword) just to see if jboss would complain, tell me that something was wrong.... But nothing happened. I think it isn't called... IE shows me the login window, I try 3 times, and I get a forbidden error... but no sql error appears in jboss log... Maybe tag X in file Y must have the same value as tag Z in file W and I didn't realize... What I'm doing wrong? should I find some reference to my security domain(java:/jaas/jaas-webapp-domain ) in jmx-console? I didn't found. My datasources are there... I found them... I hope that you can understand me e send me some help. Thanks in advance. Excuse me for any english mistakes. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3962555#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...