myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Struberg <>
Subject Re: security with JSF app
Date Sun, 27 Jan 2013 10:15:15 GMT
Hi Jim!

You could use JAAS and users.xml in tomcat, but I personally would not recommend it as all
the classic EE based security is (imo) way too complicated to handle for what it provides.

You can look at CODI @Secured with an own security Voter [1][2], which is very easy to implement
against any existing security solution. There will be a similar solution for DeltaSpike in
the future.



----- Original Message -----
> From: Jim May <>
> To: MyFaces Discussion <>
> Cc: 
> Sent: Saturday, January 26, 2013 4:09 AM
> Subject: security with JSF app
> Hello,
> Sorry for the ignorant questions. I am used to Glassfish and recently moved
> over to Tomcat.
> I am trying to setup programmatic security with a JSF app and Tomcat 7. I
> am using a JSF managed bean utilizing the request object's login method to
> login against the security realm. I know that there are different
> configurations for the realms in the JSF apps web.xml. I am choosing FORM
> based authentication and not configuring a login or error page. Since the
> login and logout is being handled by code.
> How do I tie a realm name in the web.xml to the realm name in Tomcat's
> server.xml? Do I tie the web.xml realm name to the dataSourceName attribute
> in the Realm entity in server.xml config?
> This application is going through a redesign and conversion to JSF, so it
> has a legacy database without encrypted passwords. Ya! I know. Bad!
> Unfortunately, I have inherited this yummy stuff. I plan on changing it
> later to encrypted passwords. Will the JDBC realm work with passwords in
> plain text in the database column or is it going to force an MD5 check? I
> would like to get the redesigned web files up and running while having to
> perform very little modifications to the database.
> Thanks,
> -- 
> James May
> Software Lead Engineer / Architect
> Java, PHP, .Net, Leader, Mentor

View raw message