[jira] Commented: (GERONIMO-3923) Login established without tomcat notification

Mon, 17 Mar 2008 09:45:09 -0700 

    [ 
https://issues.apache.org/jira/browse/GERONIMO-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579503#action_12579503
 ] 

David Jencks commented on GERONIMO-3923:
----------------------------------------

Could you please ask about this on the user mailing list?  So far you haven't 
described anything that looks like a bug to me.  JavaEE security is designed 
for the container to do the login, not the application, so its not too 
surprising that having your application do the login doesn't work.

In your post please describe the jsf bean code, whether you wrote it and have 
control over it, and where you are looking in the wiki.   I think I may have 
dealt with a similar issue once integrating the jetspeed 2 portal.  Hopefully 
we will be able to find a solution that is consistent with javaee and does what 
you need.



> Login established without tomcat notification
> ---------------------------------------------
>
>                 Key: GERONIMO-3923
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3923
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0.2, 2.1
>         Environment: Windows, Linux
>            Reporter: Ralf Baumhof
>            Assignee: David Jencks
>
> I have set up a security realm (sql realm). In web.xml tomcat is advised to 
> keep a watch an all pages lying in directory /pages. I use a form login. If 
> the  login form is designed to use j_security_check action, the servlet 
> authentication works. The first try to access a page in /pages/* area leads 
> to the login form and after successful login the page is diplayed. However, 
> the application has strong security impacts, so we would prefer to use a JSF 
> backing bean which performs a LoginContext method for login to geronimo. This 
> also works. The login succeeds and i get a principal. But the application is 
> not logged in at tomcat webcontainer. It's not possible to access the pages 
> in /pages/* area. Is this a bug or a feature???? What must be done if one 
> want's to use the LoginContext way??? According to the geronimo wiki i 
> suggest that it should work. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to