Hi!
I'm using this configration (and it works for me):
*jboss-web.xml code:
<jboss-web>
<security-domain>
java:/jaas/mySecurityDomain</security-domain>
</jboss-web>
*web.xml code:
<security-constraint>
<web-resource-collection>
<web-resource-name>authenticated-user-pages</web-resource-name>
<url-pattern>/auth/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>b2bCustomer</role-name>
<role-name>b2cCustomer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>login</web-resource-name>
<url-pattern>/guest/login.do</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>j_security_ceck</web-resource-name>
<url-pattern>/j_security_check</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>eShop kupci</realm-name>
<form-login-config>
<form-login-page>/guest/login.do</form-login-page>
<form-error-page>/guest/loginError.do</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>b2bCustomer</role-name>
</security-role>
<security-role>
<role-name>b2cCustomer</role-name>
</security-role>
Hope this will help you!