I have been deploying an ear that includes security constraints. The ear works as expected except for security which seems to be ignored by JBoss and Tomcat. Security works with a war that is deployed by Tomcat but an ear deployed by JBoss seems to ignore the security constraints. I am using ftp://jboss.sourceforge.net/pub/jboss/jboss-tomcat-2.1-beta.zip which I downloaded today. Also, does anyone have a simple secure ear that I can test deploy? Thanks, -James <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd"> <web-app> <security-role> <role-name>Manager</role-name> </security-role> <servlet> <servlet-name>Manager</servlet-name> <servlet-class>foo.bar.Manager</servlet-class> </servlet> <servlet-mapping> <servlet-name>Manager</servlet-name> <url-pattern>/manager/*</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <url-pattern>/*</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> <auth-constraint> <role-name>Manager</role-name> </auth-constraint> </web-resource-collection> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>ManagerRealm</realm-name> </login-config> </web-app> _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user
