[JBoss-user] security in jboss + tomcat ?

[Sebastien CHAUSSON]

Hi, I'm a little bit confused in using tomcat embedded with jboss (jboss 3.0.2 + tomcat 4.0.4) : I deploy my web app in jboss, and I'd like to add simple security with tomcat : I just want user to give a userName and password to access to everything in my web-app (seems quite easy !?!) Though I tried many changes, I always managed to access to my web-app without any checks !!!   In my web.xml, I added following snippet :   <security-constraint>     <web-resource-collection>         <web-resource-name>MyApplication</web-resource-name>         <url-pattern>/*</url-pattern>     </web-resource-collection>     <auth-constraint>         <role-name>myRole</role-name>     </auth-constraint> </security-constraint>   <login-config>     <auth-method>BASIC</auth-method>     <realm-name>MyApplication</realm-name> </login-config> I also added following line in catalina/conf/tomcat-users.xml :   <user name="USER1" password="USER1" roles="myRole" />   any ideas ?   TIA,   Sebastien