geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: How use database security realm in JSF
Date Thu, 16 Apr 2009 15:59:57 GMT

On Apr 16, 2009, at 2:39 AM, viola lu wrote:

> Thanks, But jsf tag lib can't identify form attributes like   
> name="login" action="j_security_check" method="POST", my code  
> snippnet is:
>
> <%@ taglib uri="http://java.sun.com/jsf/core" prefix="f">
> <%@ taglib uri="http://java.sun.com/jsf/html" prefix="h">
>
> ....
> .....
> <f:view>
> <h:form name="login" action="j_security_check" method="POST">
> </h:form>
> </f:view>
>
> ....
>
> if i deploy this login.jsp. errors:attribute invalid for Form.
>
> So may Database sql realm can't support jsf page?

I know almost nothing about jsf so I'm not sure exactly what the  
problem here is.  However, the problem is with the message dialog  
between the browser and the built in FORM authenticator, not with the  
security realm you want to use.

I googled a bit and apparently you can't have a jsf page be the login  
form, cf. http://download-uk.oracle.com/docs/cd/B31017_01//web.1013/b25947/adding_security005.htm

If you really need the login page to be jsf based, you'll need to  
write something like a security filter for your app that handles the  
authentication dialog.  After you've obtained the username and  
password you can login to your realm using something like this:

CallbackHandler handler = ...
Subject subject = ContextManager.login(realmName, handler);
ContextManager.setCallers(subject, subject);
//call next filter
ContextManager.setCallers(null, null);

You'll want to cache the subject somewhere such as the session.

thanks
david jencks

>
>
>
> On Wed, Apr 15, 2009 at 1:30 PM, David Jencks  
> <david_jencks@yahoo.com> wrote:
>
> On Apr 14, 2009, at 7:30 PM, viola lu wrote:
>
>> Hi,ALL:
>>
>>  i created a database security realm following link: http://cwiki.apache.org/GMOxDOC20/database-sql-realm.html,and

>>  create a dynamic web application, create login/register pages  
>> using JSF,  login is controlled by loginbean and regsiterbean which  
>> authorizes user/password by connecting to database, but i want to  
>> use database security realm to
>> verify user login like this:
>>
>>  <login-config>
>>       <auth-method>FORM</auth-method>
>>       <realm-name>MYREALM</realm-name>
>>       <form-login-config>
>>          <form-login-page>login.jsp</form-login-page>
>>          <form-error-page>login_error.jsp</form-error-page>
>>       </form-login-config>
>>     </login-config>
>> But it seems, login action always call loginbean not realm to  
>> authorize.
>> Something is missing?Thanks.
>
> To use "built in" form authentication your login page needs to have  
> a form with action "j_security_check", something like this:
>
> <form name="login" action="j_security_check" method="POST">
>
> If you want anything fancier you'll need to wait for servlet 3 where  
> there's going to be a programatic way to log into the configured  
> security realms such as the db one you defined.  I haven't looked at  
> this proposal in detail but I think it will let you do stuff like  
> logging in from the jsf loginbean.
>
> thanks
> david jencks
>
>>
>>
>> -- 
>> viola
>
>
>
>
> -- 
> viola


Mime
View raw message