I try for a long time to integrate Tomcat 5.5.17 and JAAS.
I have created my LoginModule with sample provided by Internet (jaasbook
website)
I have created my webapp with FORM authentication
I have configurated my server.xml with the Tomcat JAAS realm.
I have added-Djava.security.auth.login.config=C:\ auth.conf to the Tomcat
launcher.

Then authentication is OK
The authorization return always HTTP 403

I see in some FAQs that there is perhaps a Bug in Tomcat on this subject
(GenericPrincipal...)
Do i have to configure a special policy file ?? and adding this file in
the JVM with -D...What can be included in this policy file ??

Can you help me Please...

Regards

Fred