Hello,

I try to run JBoss Duke Bank application on JBoss 4.0.1 sp1 and it works fine until I'm using org.jboss.web.tomcat.security.JBossSecurityMgrRealm in the server.xml configuration.
...
<Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm" certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"/>
...
As soon I replace this realm by org.jboss.web.tomcat.security.JaccAuthorizationRealm:
<Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"/>
the logon is still successful but the every second call to the servlet is responded with "HTTP Status 403 - Access to the requested resource has been denied".
On debugging I noticed that the Subject in the SecurityAssociation, required by JaccAuthorizationRealm is null, therefore the permission check fails.

Kind regards