0 Replies Latest reply: May 7, 2012 1:04 PM by karin k RSS

    security-domain: configuration for authorization

    karin k Newbie

      Hi everybody


      I was playing around a bit with the security subsystem of JBoss AS 7 (version 7.1.1)


      For testing purpose I have configured the following in the standalone.xml file


        <security-domain name="other" cache-type="default">


                              <login-module code="Simple" flag="required"/>



                              <policy-module code="DenyAll" flag="required"/>




      In my test app (the quickstart helloworld servlet) I can see that for authentication the org.jboss.security.auth.spi.SimpleServerLoginModule is taken as described here https://docs.jboss.org/author/display/AS71/Security+subsystem+configuration.

      But I cannot see that the class org.jboss.security.authorization.modules.AllDenyAuthorizationModule is loaded or used.

      Is something wrong with my configuration?


      Find attached my web.xml file and my standalone.xml file




      Thanks for your help