Return-Path: X-Original-To: apmail-myfaces-users-archive@www.apache.org Delivered-To: apmail-myfaces-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id DB12CEBC3 for ; Sun, 27 Jan 2013 10:15:54 +0000 (UTC) Received: (qmail 69173 invoked by uid 500); 27 Jan 2013 10:15:54 -0000 Delivered-To: apmail-myfaces-users-archive@myfaces.apache.org Received: (qmail 68728 invoked by uid 500); 27 Jan 2013 10:15:48 -0000 Mailing-List: contact users-help@myfaces.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "MyFaces Discussion" Delivered-To: mailing list users@myfaces.apache.org Received: (qmail 68669 invoked by uid 99); 27 Jan 2013 10:15:47 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 27 Jan 2013 10:15:46 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [77.238.189.211] (HELO nm4-vm0.bullet.mail.ird.yahoo.com) (77.238.189.211) by apache.org (qpsmtpd/0.29) with SMTP; Sun, 27 Jan 2013 10:15:38 +0000 Received: from [77.238.189.49] by nm4.bullet.mail.ird.yahoo.com with NNFMP; 27 Jan 2013 10:15:17 -0000 Received: from [212.82.108.125] by tm2.bullet.mail.ird.yahoo.com with NNFMP; 27 Jan 2013 10:15:17 -0000 Received: from [127.0.0.1] by omp1034.mail.ird.yahoo.com with NNFMP; 27 Jan 2013 10:15:17 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 922440.4524.bm@omp1034.mail.ird.yahoo.com Received: (qmail 48212 invoked by uid 60001); 27 Jan 2013 10:15:17 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.de; s=s1024; t=1359281717; bh=GvTTgZg+cXJXdDYJeTZmcW2Np5cyoZjc7khc2Csw5nM=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=kX4E7Dz/fA2efliYHxnEU5GBHyeX6QpkfybDiV4+ue4gfSdGQyCpI0wC3KufR3zplzl8gEIF60DsdiHw3JHlJNgrJ/AC8leB8uuK5L3Dm45r5ddNNf65Q8BTIISeRdzrkgglefKSIf8RF8x1lGoWL+E54GVruZkCKvoXM10ye44= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.de; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=SjbGTFS91sbLHIcuAg3a7fTOhTxgQ/Ekjgkx7UzFMQimf0MVYTI6YVQ5RYSZF/gcmQmleiWxYnYEgM8b5EpPrdtt4JbV1IYySG/sjp3v/5+QPTiqN+gVS+atR0wPlbY6U8MRmpbbEgMgbj25dUkCUjQgKjCFuWXChxtvCT+6Y6I=; X-YMail-OSG: O0wUdwwVM1luMK7rpmk6_3BQlUEbFJbMXxa0oEyu7.YficT VeTrdoz_96KSwDWcRBMC5fLMiWWPB_3IGYjWSiRI3AEt2LBAAL97y.iCa0Kz aw.TGuN79EtNYx70xpzK3JcZLclx0joyLGx6fcHXvfEQA.NscJu4tq4ZstLF bUUjdGLuNsNTXG5er641EXf35S2vtEfUnnhhMrm0s8LxKBiCFOVD4S8YK26J DVm5of2bnWIZlNtw3sEpmVSqGJaYscRgChdve9_TcGZW.it2xLSn7ZwXKyYV _Ez4NjvTgjtY44y1HbHRyT_GU7ELkr5gNnVMZURn2XhrGBUTQp_EBVuQ50x9 GaZxAvWM81Wwf_oAT5KymBAJJn88uOK_b3z7KXMKUB6JbfsAssXoIKtb2cBv HUUiwFNHzOky9XId5RsxVHscFZ8SYMs9ZD2xzJY.yYNz3ZNIuMNTgyyRb1lX 0omsxPE5Epott49wSzq5fBCFpi2VGGQmCggRQ3jxIhoFlLGq4pRhXyVXB1k0 Etgb1js689jNoQWffeS.lgigu287HxodoWQHKnqI3N0A3LFRWetwDeuEyMzQ .sRav_XWdBJZavopbJep6ra9pL9S1BWnO4onIl_rZH.IiTWDOXtBnIb0a5by v.oBPrbRPpgftyGWtpUL3TwMubD3QRtOCElqrJqrbVgokk6g0eyqR1._z1PS qVuiIeGQIDVgsW1ME3siTUwzQG55ZOlzbg5zIqauW.QNNqB6Qa1Y8km.mhA6 UEUw0kJ6FTvML2XV7c.xp_KYNRfvSSThz8DkVyLmYTwgD6fGuJg-- Received: from [80.108.122.184] by web28904.mail.ir2.yahoo.com via HTTP; Sun, 27 Jan 2013 10:15:15 GMT X-Rocket-MIMEInfo: 001.001,SGkgSmltIQoKWW91IGNvdWxkIHVzZSBKQUFTIGFuZCB1c2Vycy54bWwgaW4gdG9tY2F0LCBidXQgSSBwZXJzb25hbGx5IHdvdWxkIG5vdCByZWNvbW1lbmQgaXQgYXMgYWxsIHRoZSBjbGFzc2ljIEVFIGJhc2VkIHNlY3VyaXR5IGlzIChpbW8pIHdheSB0b28gY29tcGxpY2F0ZWQgdG8gaGFuZGxlIGZvciB3aGF0IGl0IHByb3ZpZGVzLgoKCllvdSBjYW4gbG9vayBhdCBDT0RJIEBTZWN1cmVkIHdpdGggYW4gb3duIHNlY3VyaXR5IFZvdGVyIFsxXVsyXSwgd2hpY2ggaXMgdmVyeSBlYXN5IHRvIGltcGxlbWVudCABMAEBAQE- X-Mailer: YahooMailWebService/0.8.130.494 References: Message-ID: <1359281715.39594.YahooMailNeo@web28904.mail.ir2.yahoo.com> Date: Sun, 27 Jan 2013 10:15:15 +0000 (GMT) From: Mark Struberg Reply-To: Mark Struberg Subject: Re: security with JSF app To: MyFaces Discussion In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Checked: Checked by ClamAV on apache.org Hi Jim! You could use JAAS and users.xml in tomcat, but I personally would not recommend it as all the classic EE based security is (imo) way too complicated to handle for what it provides. You can look at CODI @Secured with an own security Voter [1][2], which is very easy to implement against any existing security solution. There will be a similar solution for DeltaSpike in the future. LieGrue, strub [1] https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage [2] https://github.com/struberg/lightweightEE/blob/master/gui/src/main/java/de/jaxenter/eesummit/caroline/gui/security/AdminAccessVoter.java ----- Original Message ----- > From: Jim May > To: MyFaces Discussion > Cc: > Sent: Saturday, January 26, 2013 4:09 AM > Subject: security with JSF app > > Hello, > > Sorry for the ignorant questions. I am used to Glassfish and recently moved > over to Tomcat. > > I am trying to setup programmatic security with a JSF app and Tomcat 7. I > am using a JSF managed bean utilizing the request object's login method to > login against the security realm. I know that there are different > configurations for the realms in the JSF apps web.xml. I am choosing FORM > based authentication and not configuring a login or error page. Since the > login and logout is being handled by code. > > How do I tie a realm name in the web.xml to the realm name in Tomcat's > server.xml? Do I tie the web.xml realm name to the dataSourceName attribute > in the Realm entity in server.xml config? > > This application is going through a redesign and conversion to JSF, so it > has a legacy database without encrypted passwords. Ya! I know. Bad! > Unfortunately, I have inherited this yummy stuff. I plan on changing it > later to encrypted passwords. Will the JDBC realm work with passwords in > plain text in the database column or is it going to force an MD5 check? I > would like to get the redesigned web files up and running while having to > perform very little modifications to the database. > > Thanks, > > -- > James May > Software Lead Engineer / Architect > Java, PHP, .Net, Leader, Mentor > http://www.jamesmay.me >