myfaces-users mailing list archives

From Mark Struberg <strub...@yahoo.de>
Subject Re: security with JSF app
Date Sun, 27 Jan 2013 10:15:15 GMT
Hi Jim!

You could use JAAS and users.xml in tomcat, but I personally would not recommend it as all
the classic EE based security is (imo) way too complicated to handle for what it provides.


You can look at CODI @Secured with your own security Voter [1][2], which is very easy to implement
against any existing security solution. There will be a similar solution for DeltaSpike in
the future.

LieGrue,
strub

[1] https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage
[2] https://github.com/struberg/lightweightEE/blob/master/gui/src/main/java/de/jaxenter/eesummit/caroline/gui/security/AdminAccessVoter.java


----- Original Message -----
> From: Jim May <jim.webguru@gmail.com>
> To: MyFaces Discussion <users@myfaces.apache.org>
> Cc: 
> Sent: Saturday, January 26, 2013 4:09 AM
> Subject: security with JSF app
> 
> Hello,
> 
> Sorry for the ignorant questions. I am used to Glassfish and recently moved
> over to Tomcat.
> 
> I am trying to set up programmatic security with a JSF app and Tomcat 7. I
> am using a JSF managed bean utilizing the request object's login method to
> log in against the security realm. I know that there are different
> configurations for the realms in the JSF app's web.xml. I am choosing FORM
> based authentication and not configuring a login or error page, since the
> login and logout are being handled by code.
> 
> How do I tie a realm name in the web.xml to the realm name in Tomcat's
> server.xml? Do I tie the web.xml realm name to the dataSourceName attribute
> in the Realm entity in server.xml config?
> 
> This application is going through a redesign and conversion to JSF, so it
> has a legacy database without encrypted passwords. Ya! I know. Bad!
> Unfortunately, I have inherited this yummy stuff. I plan on changing it
> later to encrypted passwords. Will the JDBC realm work with passwords in
> plain text in the database column or is it going to force an MD5 check? I
> would like to get the redesigned web files up and running while having to
> perform very few modifications to the database.
> 
> Thanks,
> 
> -- 
> James May
> Software Lead Engineer / Architect
> Java, PHP, .Net, Leader, Mentor
> http://www.jamesmay.me
> 
