${茶男與藍牌}

Please refer to http://www.jboss.org/community/docs/DOC-12185

1. Configure the web application for security by adding constraints to the web deployment descriptor.

     <security-constraint>
          <web-resource-collection>
               <web-resource-name>All resources</web-resource-name>
               <description>Protects all resources</description>
               <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
               <role-name>WebAppUser</role-name>
          </auth-constraint>
     </security-constraint>

     <security-role>
          <role-name>WebAppUser</role-name>
     </security-role>

     <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>Test Realm</realm-name>
     </login-config>

2. Configure the jboss-web.xml file to point to the “my-web” application.

<security-domain>java:/jaas/my-web</security-domain>

3. Configure the login-config.xml file.

    <application-policy name = "my-web">
		<authentication>
			<login-module
				code="org.jboss.security.auth.spi.UsersRolesLoginModule"
				flag = "required">
				<module-option
					name="usersProperties">
					props/my-web-users.properties
				</module-option>
				<module-option
					name="rolesProperties">
					props/my-web-roles.properties
				</module-option>
			</login-module>
		</authentication>
	</application-policy>