On Apr 14, 2009, at 7:30 PM, viola lu wrote:
> Hi,ALL:
>
> i created a database security realm following link: http://cwiki.apache.org/GMOxDOC20/database-sql-realm.html,and
> create a dynamic web application, create login/register pages using
> JSF, login is controlled by loginbean and regsiterbean which
> authorizes user/password by connecting to database, but i want to
> use database security realm to
> verify user login like this:
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>MYREALM</realm-name>
> <form-login-config>
> <form-login-page>login.jsp</form-login-page>
> <form-error-page>login_error.jsp</form-error-page>
> </form-login-config>
> </login-config>
> But it seems, login action always call loginbean not realm to
> authorize.
> Something is missing?Thanks.
To use "built in" form authentication your login page needs to have a
form with action "j_security_check", something like this:
<form name="login" action="j_security_check" method="POST">
If you want anything fancier you'll need to wait for servlet 3 where
there's going to be a programatic way to log into the configured
security realms such as the db one you defined. I haven't looked at
this proposal in detail but I think it will let you do stuff like
logging in from the jsf loginbean.
thanks
david jencks
>
>
> --
> viola
|