This is correct behaviour - the user has not requested the home page so declarative security will not kick in and they will be forwarded wherever your web app dictates, whether logged in or not. As soon as they try to access anything they ARE requesting a secured resource and declarative security DOES kick in.
HTH Ivor View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977223#3977223 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3977223 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
