geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralf Baumhof <>
Subject How to use JAAS with JSF , best practice
Date Wed, 19 Mar 2008 06:05:24 GMT
I have got an application where after a successful login the user maybe must select a role
(the user may be an administrator and a standard user). So, a navigation to a role-selection-page
must be performed. We are using JSF pages for the view component, so we have an easy and powerful
navigation mechanism.

>From the web application security example (see
we know a very good and easy way of using JAAS authentication with a geronimo security realm.
This example uses standard servlet authentication procedure for login at web container. This
procedure requires a simple html page with the j_security_check action. So, if we are using
JSF pages we are loosing a lot of the powerful JSF navigation features. So my attempt was
to use a JSF page with a JSF backing bean which performs the step by itself using the LoginContext.login("my-security-realm",myCallBackHandler)
method. This also works fine, but the authentication is only done with the ejb container.
Tomcat is not informed about the user login. So the secure pages are still restricted. 

Does anybody know a better way of integrating JAAS with JSF with the purpose of not loosing
the JSF navigation features?? 
Thanks in advance!!
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!

View raw message