Return-Path: Delivered-To: apmail-geronimo-user-archive@www.apache.org Received: (qmail 21947 invoked from network); 15 Apr 2009 05:30:50 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 15 Apr 2009 05:30:50 -0000 Received: (qmail 99547 invoked by uid 500); 15 Apr 2009 05:30:49 -0000 Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org Received: (qmail 99504 invoked by uid 500); 15 Apr 2009 05:30:48 -0000 Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: user@geronimo.apache.org List-Id: Delivered-To: mailing list user@geronimo.apache.org Received: (qmail 99496 invoked by uid 99); 15 Apr 2009 05:30:48 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Apr 2009 05:30:48 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [98.136.44.58] (HELO smtp103.prem.mail.sp1.yahoo.com) (98.136.44.58) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 15 Apr 2009 05:30:40 +0000 Received: (qmail 77107 invoked from network); 15 Apr 2009 05:30:20 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Message-Id:From:To:In-Reply-To:Content-Type:Mime-Version:Subject:Date:References:X-Mailer; b=09DTZ4SM8KkCkU1yMD1iSKAqlhT9Rush4bTmr8DNxfh4/WcpLETWAWiE67iRANKsluX2TghrGjvxyEb032hfftJ1gPPP1tcRouShXiJAmvdQh2aoVZyn6kX/yg2l4m7z77sBAmV8ozSoy776RQEMZ891mFGhqX1ScwYiKuYZjVg= ; Received: from unknown (HELO ?10.11.55.39?) (david_jencks@76.76.148.215 with plain) by smtp103.prem.mail.sp1.yahoo.com with SMTP; 15 Apr 2009 05:30:19 -0000 X-YMail-OSG: 0nv0ACsVM1mG98EWnT9VEfG9lg4kYBc4wzX59ZhzZNR0sCC.xlZcFVoPD7A7xQWFqKZtogTIVEfHK.l9w02gupBJlnXmWCwc1yGzRynAl3tTbdK.4H.eAHWBRanRvE3n5mt5m2dLbjzkP6EWppJ44WSCOaEiopKDfQiKzPO0oDR3zBPkx65uB9CNDz09kwj971B_ti0pY6ugXbZyqK5zhloaErlnilFWYl2cIIc0.TOwnw9Seg.4mz96Ptz7dFlkJLaMsu7FLhcKPX7hQ_NuWUEb7OaXgzj2aUBdQjqVx8hF4vJHlcIlTLgPQqbakycP2gJ_QhkGVg2OWPnSr9g7CdXpX54nX.q74uWavYYGbxhk6PaZ_D33s8k1juftgykFWO__lhgSij_DwZe.muNfu9Ku X-Yahoo-Newman-Property: ymail-3 Message-Id: From: David Jencks To: user@geronimo.apache.org In-Reply-To: Content-Type: multipart/alternative; boundary=Apple-Mail-20--526786703 Mime-Version: 1.0 (Apple Message framework v930.3) Subject: Re: How use database security realm in JSF Date: Tue, 14 Apr 2009 22:30:18 -0700 References: X-Mailer: Apple Mail (2.930.3) X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail-20--526786703 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit On Apr 14, 2009, at 7:30 PM, viola lu wrote: > Hi,ALL: > > i created a database security realm following link: http://cwiki.apache.org/GMOxDOC20/database-sql-realm.html,and > create a dynamic web application, create login/register pages using > JSF, login is controlled by loginbean and regsiterbean which > authorizes user/password by connecting to database, but i want to > use database security realm to > verify user login like this: > > > FORM > MYREALM > > login.jsp > login_error.jsp > > > But it seems, login action always call loginbean not realm to > authorize. > Something is missing?Thanks. To use "built in" form authentication your login page needs to have a form with action "j_security_check", something like this:
If you want anything fancier you'll need to wait for servlet 3 where there's going to be a programatic way to log into the configured security realms such as the db one you defined. I haven't looked at this proposal in detail but I think it will let you do stuff like logging in from the jsf loginbean. thanks david jencks > > > -- > viola --Apple-Mail-20--526786703 Content-Type: text/html; charset=US-ASCII Content-Transfer-Encoding: quoted-printable
On Apr 14, 2009, = at 7:30 PM, viola lu wrote:

Hi,ALL:

 i created a database security realm = following link: htt= p://cwiki.apache.org/GMOxDOC20/database-sql-realm.html,and create a = dynamic web application, create login/register pages using JSF,  = login is controlled by loginbean and regsiterbean which authorizes = user/password by connecting to database, but i want to use database = security realm to
verify user login like = this:

 <login-config>
      = <auth-method>FORM</auth-method>
      = <realm-name>MYREALM</realm-name>
      = <form-login-config>
        = <form-login-page>login.jsp</form-login-page>
=          = <form-error-page>login_error.jsp</form-error-page>
  &n= bsp;   </form-login-config>
    = </login-config>
But it seems, login action always = call loginbean not realm to authorize.
Something is = missing?Thanks.

To use "built in" form = authentication your login page needs to have a form with action = "j_security_check", something like = this:

<form name=3D"login" = action=3D"j_security_check" method=3D"POST">

If = you want anything fancier you'll need to wait for servlet 3 where = there's going to be a programatic way to log into the configured = security realms such as the db one you defined.  I haven't looked = at this proposal in detail but I think it will let you do stuff like = logging in from the jsf = loginbean.

thanks
david = jencks



-- =
viola

= --Apple-Mail-20--526786703--