myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim May <>
Subject security with JSF app
Date Sat, 26 Jan 2013 03:09:07 GMT

Sorry for the ignorant questions. I am used to Glassfish and recently moved
over to Tomcat.

I am trying to setup programmatic security with a JSF app and Tomcat 7. I
am using a JSF managed bean utilizing the request object's login method to
login against the security realm. I know that there are different
configurations for the realms in the JSF apps web.xml. I am choosing FORM
based authentication and not configuring a login or error page. Since the
login and logout is being handled by code.

How do I tie a realm name in the web.xml to the realm name in Tomcat's
server.xml? Do I tie the web.xml realm name to the dataSourceName attribute
in the Realm entity in server.xml config?

This application is going through a redesign and conversion to JSF, so it
has a legacy database without encrypted passwords. Ya! I know. Bad!
Unfortunately, I have inherited this yummy stuff. I plan on changing it
later to encrypted passwords. Will the JDBC realm work with passwords in
plain text in the database column or is it going to force an MD5 check? I
would like to get the redesigned web files up and running while having to
perform very little modifications to the database.


James May
Software Lead Engineer / Architect
Java, PHP, .Net, Leader, Mentor

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message