geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (GERONIMO-3923) Login established without tomcat notification
Date Mon, 17 Mar 2008 16:39:24 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Jencks reassigned GERONIMO-3923:
--------------------------------------

    Assignee: David Jencks

> Login established without tomcat notification
> ---------------------------------------------
>
>                 Key: GERONIMO-3923
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3923
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0.2, 2.1
>         Environment: Windows, Linux
>            Reporter: Ralf Baumhof
>            Assignee: David Jencks
>
> I have set up a security realm (sql realm). In web.xml tomcat is advised to keep a watch
an all pages lying in directory /pages. I use a form login. If the  login form is designed
to use j_security_check action, the servlet authentication works. The first try to access
a page in /pages/* area leads to the login form and after successful login the page is diplayed.
However, the application has strong security impacts, so we would prefer to use a JSF backing
bean which performs a LoginContext method for login to geronimo. This also works. The login
succeeds and i get a principal. But the application is not logged in at tomcat webcontainer.
It's not possible to access the pages in /pages/* area. Is this a bug or a feature???? What
must be done if one want's to use the LoginContext way??? According to the geronimo wiki i
suggest that it should work. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message