You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2008/03/17 17:43:24 UTC

[jira] Commented: (GERONIMO-3923) Login established without tomcat notification

    [ https://issues.apache.org/jira/browse/GERONIMO-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579503#action_12579503 ] 

David Jencks commented on GERONIMO-3923:
----------------------------------------

Could you please ask about this on the user mailing list?  So far you haven't described anything that looks like a bug to me.  JavaEE security is designed for the container to do the login, not the application, so its not too surprising that having your application do the login doesn't work.

In your post please describe the jsf bean code, whether you wrote it and have control over it, and where you are looking in the wiki.   I think I may have dealt with a similar issue once integrating the jetspeed 2 portal.  Hopefully we will be able to find a solution that is consistent with javaee and does what you need.



> Login established without tomcat notification
> ---------------------------------------------
>
>                 Key: GERONIMO-3923
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3923
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0.2, 2.1
>         Environment: Windows, Linux
>            Reporter: Ralf Baumhof
>            Assignee: David Jencks
>
> I have set up a security realm (sql realm). In web.xml tomcat is advised to keep a watch an all pages lying in directory /pages. I use a form login. If the  login form is designed to use j_security_check action, the servlet authentication works. The first try to access a page in /pages/* area leads to the login form and after successful login the page is diplayed. However, the application has strong security impacts, so we would prefer to use a JSF backing bean which performs a LoginContext method for login to geronimo. This also works. The login succeeds and i get a principal. But the application is not logged in at tomcat webcontainer. It's not possible to access the pages in /pages/* area. Is this a bug or a feature???? What must be done if one want's to use the LoginContext way??? According to the geronimo wiki i suggest that it should work. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.