On Apr 14, 2009, at 7:30 PM, viola lu wrote:


 i created a database security realm following link: http://cwiki.apache.org/GMOxDOC20/database-sql-realm.html,and create a dynamic web application, create login/register pages using JSF,  login is controlled by loginbean and regsiterbean which authorizes user/password by connecting to database, but i want to use database security realm to
verify user login like this:

But it seems, login action always call loginbean not realm to authorize.
Something is missing?Thanks.

To use "built in" form authentication your login page needs to have a form with action "j_security_check", something like this:

<form name="login" action="j_security_check" method="POST">

If you want anything fancier you'll need to wait for servlet 3 where there's going to be a programatic way to log into the configured security realms such as the db one you defined.  I haven't looked at this proposal in detail but I think it will let you do stuff like logging in from the jsf loginbean.

david jencks