I've built my own portal from the 2.1-dev sources.
The installed portal works on Tomcat 5.5.16, but not on JBoss 4.0.4.
Under JBoss I am receiving a HTTP-error 403 after the log-in submit.
(seems like the same problem in Issue
If I'm manually adding the following role-name in portal's web.xml, it works fine, on both tomcat and jboss servers:
here the new full constraint entry:
<!-- Protect LogInRedirectory.jsp. This will require a login when called -->
<!-- the required portal user role name defined in: -->
<!-- /WEB-INF/assembly/security-atn.xml -->
Is this quite correct or do I have a security problem now?
Or is there a bug in JBoss?