I have got an application where after a successful login the user maybe must select a role (the user may be an administrator and a standard user). So, a navigation to a role-selection-page must be performed. We are using JSF pages for the view component, so we have an easy and powerful navigation mechanism.
>From the web application security example (see >http://cwiki.apache.org/GMOxDOC20/web-application-security-sample.html) we >know a very good and easy way of using JAAS authentication with a geronimo >security realm. This example uses standard servlet authentication procedure >for login at web container. This procedure requires a simple html page with >the j_security_check action. So, if we are using JSF pages we are loosing a >lot of the powerful JSF navigation features. So my attempt was to use a JSF >page with a JSF backing bean which performs the step by itself using the >LoginContext.login("my-security-realm",myCallBackHandler) method. This also >works fine, but the authentication is only done with the ejb container. Tomcat >is not informed about the user login. So the secure pages are still >restricted. Does anybody know a better way of integrating JAAS with JSF with the purpose of not loosing the JSF navigation features?? Thanks in advance!! _____________________________________________________________________ Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! http://smartsurfer.web.de/?mc=100071&distributionid=000000000066
