I'm using jboss-4.0.5.GA installed with the ejb3 "flavor". I'm using the
default install.
Playing around with securing some web content. I created a login.html page for now that
has the proper fields: j_username & j_password. Its post action references
j_security_check.
jboss-web.xml:
| <?xml version="1.0" encoding="UTF-8"?>
| <jboss-web>
|   <security-domain>java:/jaas/SPDB</security-domain>
| </jboss-web>
|
web.xml:
| <web-app>
|   <security-constraint>
|     <web-resource-collection>
|       <web-resource-name>All resources</web-resource-name>
|       <description>Protects all resources</description>
|       <url-pattern>/*</url-pattern>
|     </web-resource-collection>
|     <auth-constraint>
|       <role-name>MyUser</role-name>
|     </auth-constraint>
|   </security-constraint>
|
|   <security-role>
|     <description>My User Role</description>
|     <role-name>MyUser</role-name>
|   </security-role>
|
|   <login-config>
|     <auth-method>FORM</auth-method>
|     <realm-name>SPDB</realm-name>
|     <form-login-config>
|       <form-login-page>/login.html</form-login-page>
|       <form-error-page>/error.html</form-error-page>
|     </form-login-config>
|   </login-config>
| </web-app>
|
I've copied one of the other application-policy sections from login-config.xml trying
to get some sort of response out of JBoss in the log files. This is what I've added in
to login-config.xml right now (in $JBOSS_HOME/server/default/conf):
| <application-policy name="SPDB">
|   <authentication>
|     <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
|       <module-option name="unauthenticatedIdentity">guest</module-option>
|       <module-option name="dsJndiName">java:/polarDS</module-option>
|       <module-option name="principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
|       <module-option name="rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
|     </login-module>
|   </authentication>
| </application-policy>
|
Here is what happens: when I hit the URL of a secured jsp page, the login page comes up as
it should. When I type in the user name, pw and hit "login", I immediately get
the error page.
The JBoss console and log files don't even show a single message when I press
"login" - let alone showing an entry that anything went wrong.
In fact, the startup logs don't even mention the new application-policy (called
"SPDB"); they should - shouldn't they?
I'm left thinking that perhaps JAAS isn't even turned on. Being a newbie, I've
pored through the documentation and can't find anything on "turning on"
JAAS security - it appears to be turned on by default (am I wrong there?).
I expect I'm missing something simple, and I would appreciate any pointers that you
can provide...
Thanks
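An added example, not part of the original post and not JBoss code: a Python cross-check of the static wiring between the three descriptors shown above (the `java:/jaas/` security domain against the `application-policy` name, the login-module flag, and the constrained role against the declared `security-role`). The function name `check_wiring` is hypothetical, the descriptors are trimmed copies of the posted ones, and the `<policy>` wrapper around the application-policy is an assumption about the enclosing file.

```python
import xml.etree.ElementTree as ET

# Descriptors from the post, trimmed to the elements the check reads.
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/SPDB</security-domain></jboss-web>"
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>MyUser</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>MyUser</role-name></security-role>
</web-app>"""
# Assumption: the application-policy sits under the file's <policy> root element.
LOGIN_CONFIG = """<policy><application-policy name="SPDB"><authentication>
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"/>
</authentication></application-policy></policy>"""

PREFIX = "java:/jaas/"
JAAS_FLAGS = {"required", "requisite", "sufficient", "optional"}

def check_wiring(jboss_web, web_xml, login_config):
    """Return a list of static wiring problems; an empty list means none found."""
    findings = []
    domain = (ET.fromstring(jboss_web).findtext("security-domain") or "").strip()
    policies = {p.get("name"): p for p in ET.fromstring(login_config).iter("application-policy")}
    if not domain.startswith(PREFIX):
        findings.append(f"security-domain {domain!r} lacks the {PREFIX} prefix")
    policy = policies.get(domain[len(PREFIX):]) if domain.startswith(PREFIX) else None
    if policy is None:
        # Policy names are compared case-sensitively, exactly as written in the file.
        findings.append(f"no application-policy matches {domain!r}")
    else:
        modules = list(policy.iter("login-module"))
        if not modules:
            findings.append(f"application-policy {policy.get('name')!r} has no login-module")
        for mod in modules:
            if mod.get("flag") not in JAAS_FLAGS:
                findings.append(f"login-module flag {mod.get('flag')!r} is not a JAAS control flag")
    web = ET.fromstring(web_xml)
    declared = {r.findtext("role-name") for r in web.iter("security-role")}
    for role in web.findall("./security-constraint/auth-constraint/role-name"):
        if role.text not in declared:
            findings.append(f"role {role.text!r} is not declared in a security-role")
    return findings

if __name__ == "__main__":
    print(check_wiring(JBOSS_WEB, WEB_XML, LOGIN_CONFIG) or "static wiring is consistent")
```

An empty result only says the names line up across the files; it does not exercise the datasource or the two SQL queries.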