I was playing around a bit with the security subsystem of JBoss AS 7 (version 7.1.1)
For testing purpose I have configured the following in the standalone.xml file
<security-domain name="other" cache-type="default">
<login-module code="Simple" flag="required"/>
<policy-module code="DenyAll" flag="required"/>
In my test app (the quickstart helloworld servlet) I can see that for authentication the org.jboss.security.auth.spi.SimpleServerLoginModule is taken as described here https://docs.jboss.org/author/display/AS71/Security+subsystem+configuration.
But I cannot see that the class org.jboss.security.authorization.modules.AllDenyAuthorizationModule is loaded or used.
Is something wrong with my configuration?
Find attached my web.xml file and my standalone.xml file
Thanks for your help