On Apr 14, 2009, at 7:30 PM, viola lu wrote:

Hi,ALL:

 i created a database security realm following link: http://cwiki.apache.org/GMOxDOC20/database-sql-realm.html,and create a dynamic web application, create login/register pages using JSF,  login is controlled by loginbean and regsiterbean which authorizes user/password by connecting to database, but i want to use database security realm to
verify user login like this:

 <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>MYREALM</realm-name>
      <form-login-config>
         <form-login-page>login.jsp</form-login-page>
         <form-error-page>login_error.jsp</form-error-page>
      </form-login-config>
    </login-config>
But it seems, login action always call loginbean not realm to authorize.
Something is missing?Thanks.

To use "built in" form authentication your login page needs to have a form with action "j_security_check", something like this:

<form name="login" action="j_security_check" method="POST">

If you want anything fancier you'll need to wait for servlet 3 where there's going to be a programatic way to log into the configured security realms such as the db one you defined.  I haven't looked at this proposal in detail but I think it will let you do stuff like logging in from the jsf loginbean.

thanks
david jencks



--
viola