geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Commented: (GERONIMO-3923) Login established without tomcat notification
Date Mon, 17 Mar 2008 16:43:24 GMT


David Jencks commented on GERONIMO-3923:

Could you please ask about this on the user mailing list?  So far you haven't described anything
that looks like a bug to me.  JavaEE security is designed for the container to do the login,
not the application, so its not too surprising that having your application do the login doesn't

In your post please describe the jsf bean code, whether you wrote it and have control over
it, and where you are looking in the wiki.   I think I may have dealt with a similar issue
once integrating the jetspeed 2 portal.  Hopefully we will be able to find a solution that
is consistent with javaee and does what you need.

> Login established without tomcat notification
> ---------------------------------------------
>                 Key: GERONIMO-3923
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0.2, 2.1
>         Environment: Windows, Linux
>            Reporter: Ralf Baumhof
>            Assignee: David Jencks
> I have set up a security realm (sql realm). In web.xml tomcat is advised to keep a watch
an all pages lying in directory /pages. I use a form login. If the  login form is designed
to use j_security_check action, the servlet authentication works. The first try to access
a page in /pages/* area leads to the login form and after successful login the page is diplayed.
However, the application has strong security impacts, so we would prefer to use a JSF backing
bean which performs a LoginContext method for login to geronimo. This also works. The login
succeeds and i get a principal. But the application is not logged in at tomcat webcontainer.
It's not possible to access the pages in /pages/* area. Is this a bug or a feature???? What
must be done if one want's to use the LoginContext way??? According to the geronimo wiki i
suggest that it should work. 

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message