Good news is that I've tested in 4.0.3SP1 and it's working there. I did my tests just using the UsersRolesLoginModule, and initially against the 'other' security definition which worked.
Then I noted how tomcat5.5.sar (META-INF/jboss-service.xml) links to jaas/other by default. So I duplicated and renamed it in login-config.xml to try it as a 'different' login config, and it still worked. login-config.xml: | <application-policy name = "sec-test"> | <authentication> | <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" | flag = "required" /> | </authentication> | </application-policy> | | jboss-web.xml: | <security-domain>java:/jaas/sec-test</security-domain> | Paranoid as I am I decided that maybe it was just failing and going to 'other', I then changed the default security domain to jbossmq, to ensure that I wasn't magically failling back to 'other' <attribute name="DefaultSecurityDomain">java:/jaas/jbossmq</attribute> I know that UsersRolesLoginModule works. I still need to test with my custom login module, that will come tomorrow. If it works I'm going to pitch for a move to the new server, but I don't know if they'll go for it, and if they do, if it will be in my lifetime. Given the still heavy use of 3.2.3 it would be nice to be able to resolve the original problem though. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3939021#3939021 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3939021 ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
