[jboss-jira] [JBoss JIRA] Created: (JBWEB-66) basic-auth broken

[Mark Stewart (JIRA)]

basic-auth broken
-----------------

                 Key: JBWEB-66
                 URL: http://jira.jboss.com/jira/browse/JBWEB-66
             Project: JBoss Web
          Issue Type: Bug
      Security Level: Public (Everyone can see)
    Affects Versions: JBoss Web Server 1.0.0 GA
         Environment: Linux
            Reporter: Mark Stewart
         Assigned To: Mladen Turk


Assuming that Jboss Web is configured identically to the web container in AS, it seems that basic-auth support is broken. That is, the server doesn't send a 401 for protected urls. 

Here's the post I made three weeks ago on the Jboss Web Server forum: 

"I have a webapp I usually run in JBoss AS that I'm trying to get running under JBossWeb. I've added the same entry to login-module.xml in the default/conf/ directory and a jboss-web.xml file whose <security-domain> tag points at the entry in default/deploy/<my-web-app.war>/WEB-INF. JBossWeb doesn't block the access to the protected pages, however."

This is tested by the J2EE CTS so I guess JBossWeb wasn't tested against it (or the failure was ignored) prior to the GA release. 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira