geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: How use database security realm in JSF
Date Wed, 15 Apr 2009 05:30:18 GMT

On Apr 14, 2009, at 7:30 PM, viola lu wrote:

> Hi,ALL:
>  i created a database security realm following link:,and

>  create a dynamic web application, create login/register pages using  
> JSF,  login is controlled by loginbean and regsiterbean which  
> authorizes user/password by connecting to database, but i want to  
> use database security realm to
> verify user login like this:
>  <login-config>
>       <auth-method>FORM</auth-method>
>       <realm-name>MYREALM</realm-name>
>       <form-login-config>
>          <form-login-page>login.jsp</form-login-page>
>          <form-error-page>login_error.jsp</form-error-page>
>       </form-login-config>
>     </login-config>
> But it seems, login action always call loginbean not realm to  
> authorize.
> Something is missing?Thanks.

To use "built in" form authentication your login page needs to have a  
form with action "j_security_check", something like this:

<form name="login" action="j_security_check" method="POST">

If you want anything fancier you'll need to wait for servlet 3 where  
there's going to be a programatic way to log into the configured  
security realms such as the db one you defined.  I haven't looked at  
this proposal in detail but I think it will let you do stuff like  
logging in from the jsf loginbean.

david jencks

> -- 
> viola

View raw message