Trying to get JAAS up and running with JBOSS 3.2.6 (including tomcat). I'm using FORM authentication, I've declared the login.jsp correctly, I've got my login-config.xml defined, I've declared the relevant security-constraint and the security role in web.xml, I've put the security-domain in the jboss-web.xml, etc.
When I try to log in using my login.jsp I always get the access denied page, i.e. the authentication isn't working.
Everything that should happen seems to happen, I can see JBOSS attempting the authentication, the debug output is:
The application-policy declared in my login-config.xml uses DatabaseServerLoginModule and ClientLoginModule. I want to be able to call some EJBs following authentication and I understand that I need ClientLoginModule in order to avoid having to authenticate over again when I call something in the EJB container. The principlesQuery and rolesQuery are both correct. I know that the username and password I'm supplying are valid because I've written some test code to see if I can log in, and when I look at the debug statements in my code I can clearly see a Subject populated with Principals, one of which corresponds to the username and password I'm supplying.
I'm unsure of the role of the auth.conf file in all of this, is it relevant when I'm using tomcat deployed inside JBOSS? Is there anything else I missed?