You need to define the security-domain to use in the web layer
using a WEB-INF/jboss-web.xml descriptor:
<jboss-web>
<security-domain>java:/jaas/<your-domain-here></security-domain>
</jboss-web>
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message -----
From: "Simon Peter Nicholls" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 18, 2002 11:42 AM
Subject: [JBoss-user] Problems with security Roles under JBoss 3.0
> Hi everyone,
>
> I've recently moved my app to JBoss 3.0 from Orion but am having trouble
> with the request.isUserInRole() call. I've set up a db security policy
> in login-config.xml which works fine from the authorization point of
> view, but the roles detected in the request.isUserInRole call aren't
> related to what's in the db.
>
> Switching from Jetty to Tomcat as the web container made no difference,
> and neither did using the UsersRolesLoginModule. Every time I check if a
> principle making a request is in a role it returns true! Even if I check
> for a role like "frustrated_developer" which is never defined anywhere.
>
> Did I miss something fundamental? Do I need to switch off a default
> "allow role inclusion" parameter? I'm suffering badly, please help!
----------------------------------------------------------------------------
Bringing you mounds of caffeinated joy
>>> http://thinkgeek.com/sf <<<
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
