I'm with you so far. I have logging on trace and I can see it all happening, and it succeeded, stone the crows.
BUT then having surmounted that hurdle, it fell at the next one. Tomcat threw a 403 access denied error on the protected pages. So, the roles must be up the creek. I was using AbstractServerLoginModule.createGroup() to create my 'Roles' group, which puts a nestableGroup in the Subject, and tomcat can't handle it. That is actually recommended by the javadoc for createGroup(), that I should use the method. But I abandoned it and created a SimpleGroup instead - safely or not, I'm not sure. No doubt when I come to secure the EJB layer, it may come back to haunt me. Am I OK or am I still doing it wrong? <a href="http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3825936#3825936";>View the original post</a> <a href="http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3825936>Reply to the post</a> ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
