A few different answers to your last two posts:

1) With web applications, you can basically handle the login in two different ways: BASIC authentication (which will cause the web browser to display the "standard" login window asking for user name and password) or FORM-based authentication, where you can create your own login page. Both are part of the J2EE servlet 2.3 specification. In the case of the FORM login (which seems to be what you want to do), you need to declare your login page in the web.xml and you need to make sure that your login form is using the standard names for the user and password fields (see servlet spec) as well as for the action associated with the form.

2) You seem to say that the user will provide his username, password and role when logging in. I do not think you want the user to specify his own role upon login. The roles attached to a user are specified as part of your role.properties file (in your current case).

3) In order to be able to remove some roles assigned to a user without restarting JBoss, you will have to use something other than the UsersRolesLoginModule, which is based on property files that cannot be dynamically updated. You might want to use the DatabaseServerLoginModule instead. You can then have an SQL script that you run to add/remove roles for your users when needed. Only caveat to that: if a user is currently using the application (he has already logged in and has not logged out yet), changing his roles in the database is not going to be taken into account (roles are established at the time the user logs in; after that they are cached and cannot be modified dynamically, or at least not without some custom JBoss code). Two options to fix this problem:

a) Provide a way to force the disconnect of all active clients. You should be able to do that by putting in place some kind of admin page that will allow you to invalidate all currently active HTTP sessions (might need to check in the Tomcat documentation how this can be done).

b) Implement your own JACC provider that can then be much more dynamic in determining the roles for a given user. This is probably not the easiest thing to do.

Thomas
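Added example, not part of Thomas's post and not JBoss or Tomcat code: one way to build the session bookkeeping behind option a), using only the standard servlet HttpSessionListener API. The class name SessionRegistry and the method invalidateAll are hypothetical; the listener is assumed to be registered with a <listener> element in web.xml, and the admin page that calls invalidateAll is assumed to sit behind a security-constraint restricted to an administrator role.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Hypothetical helper: tracks live HTTP sessions so an admin can force re-login. */
public class SessionRegistry implements HttpSessionListener {

    // Session id -> session. Static so the admin servlet can reach it.
    private static final Map<String, HttpSession> ACTIVE = new ConcurrentHashMap<>();

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        ACTIVE.put(session.getId(), session);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        // Called on logout, timeout and explicit invalidate().
        ACTIVE.remove(event.getSession().getId());
    }

    /**
     * Invalidates every tracked session except keepId (pass the admin's own
     * session id, or null to drop everyone). Returns the number invalidated.
     */
    public static int invalidateAll(String keepId) {
        int count = 0;
        // Work on a copy: invalidate() triggers sessionDestroyed, which edits ACTIVE.
        List<HttpSession> snapshot = new ArrayList<>(ACTIVE.values());
        for (HttpSession session : snapshot) {
            String id = session.getId();
            if (id.equals(keepId)) {
                continue;
            }
            try {
                session.invalidate();
                count++;
            } catch (IllegalStateException alreadyInvalid) {
                // Session expired between the snapshot and this call.
                ACTIVE.remove(id);
            }
        }
        return count;
    }
}
```

The registry only sees sessions created in the web application and JVM where the listener is registered, so in a clustered deployment each node needs its own call.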
