Hi, I'm trying to migrate from Tomcat. Using FORM authentication in a web app, with security constraints configured in web.xml. In Tomcat, realms was being configured at META-INF/context.xml | <Context> | <Realm className="org.apache.catalina.realm.DataSourceRealm" | debug="1" dataSourceName="jdbc/db" localDataSource="true" | digest="MD5" userTable="user" userNameCol="login" | userCredCol="password" userRoleTable="permission" | roleNameCol="category" /> | </Context> | In JBoss, I tried to reuse this configuration in my war, but authentication not worked. So, I read various articles, and tried to configure JBoss to use JAAS: 1) /conf/login-config.xml : add the entry | <application-policy name="db"> | <authentication> | <login-module flag="required" code="org.jboss.security.auth.spi.DatabaseServerLoginModule"> | <module-option name="dsJndiName">java:/jdbc/db</module-option> | <module-option name="hashAlgorithm">MD5</module-option> | <module-option name="hashEncoding">hex</module-option> | <module-option name="principalsQuery"> | select password from User where login=? | </module-option> | <module-option name="rolesQuery"> | select category as Roles, 'roles' as RolesGroups from Permission where login=? | </module-option> | </login-module> | </authentication> | </application-policy> | 2) jboss-web.xml | <jboss-web> | <security-domain>java:/jaas/db</security-domain> | </jboss-web> | At this point, I'm able to authenticate, but the server don't assign any authorization to the logged user (request.isUserInRole(role) always returns false). Any help? Thanks in advance. Miranda. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3994210#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...