On Apr 16, 2009, at 2:39 AM, viola lu wrote:
Thanks, but the JSF tag lib can't identify form attributes like
name="login" action="j_security_check" method="POST". My code
snippet is:
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f" %>
<%@ taglib uri="http://java.sun.com/jsf/html" prefix="h" %>
....
.....
<f:view>
    <h:form name="login" action="j_security_check" method="POST">
    </h:form>
</f:view>
....
If I deploy this login.jsp, I get errors: attribute invalid for Form.
So maybe the database SQL realm can't support a JSF page?
I know almost nothing about jsf so I'm not sure exactly what the
problem here is. However, the problem is with the message dialog
between the browser and the built-in FORM authenticator, not with the
security realm you want to use.
I googled a bit and apparently you can't have a jsf page be the login
form, cf. http://download-uk.oracle.com/docs/cd/B31017_01//web.1013/b25947/adding_security005.htm
If you really need the login page to be jsf based, you'll need to
write something like a security filter for your app that handles the
authentication dialog. After you've obtained the username and
password you can log in to your realm using something like this:
    CallbackHandler handler = ...
    Subject subject = ContextManager.login(realmName, handler);
    ContextManager.setCallers(subject, subject);
    // call next filter
    ContextManager.setCallers(null, null);
You'll want to cache the subject somewhere such as the session.
thanks
david jencks
On Wed, Apr 15, 2009 at 1:30 PM, David Jencks
<[email protected]> wrote:
On Apr 14, 2009, at 7:30 PM, viola lu wrote:
Hi, all:
I created a database security realm following this link: http://cwiki.apache.org/GMOxDOC20/database-sql-realm.html, and
created a dynamic web application and login/register pages
using JSF. Login is controlled by loginbean and registerbean, which
authorize user/password by connecting to the database, but I want to
use the database security realm to
verify user login like this:
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>MYREALM</realm-name>
    <form-login-config>
        <form-login-page>login.jsp</form-login-page>
        <form-error-page>login_error.jsp</form-error-page>
    </form-login-config>
</login-config>
But it seems the login action always calls loginbean, not the realm, to
authorize.
Is something missing? Thanks.
To use "built in" form authentication your login page needs to have
a form with action "j_security_check", something like this:
<form name="login" action="j_security_check" method="POST">
If you want anything fancier you'll need to wait for servlet 3 where
there's going to be a programmatic way to log into the configured
security realms such as the db one you defined. I haven't looked at
this proposal in detail but I think it will let you do stuff like
logging in from the jsf loginbean.
thanks
david jencks
--
viola
--
viola
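
An added example, not part of the thread and not Geronimo code: one way to write the CallbackHandler that the filter sketch above leaves elided, using only the standard javax.security.auth.callback types. The class name UsernamePasswordHandler and the sample credentials are made up for illustration.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

// Hypothetical class name; only standard JAAS callback types are used.
public final class UsernamePasswordHandler implements CallbackHandler {
    private final String username;
    private char[] password;

    public UsernamePasswordHandler(String username, char[] password) {
        this.username = username;
        this.password = password.clone(); // private copy; the caller can wipe its own
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        if (password == null) throw new IllegalStateException("handler already cleared");
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(username);
            } else if (cb instanceof PasswordCallback) {
                // setPassword() stores its own copy of the array
                ((PasswordCallback) cb).setPassword(password);
            } else {
                // Refuse any prompt this handler cannot answer
                throw new UnsupportedCallbackException(cb);
            }
        }
    }

    /** Wipe the stored password once the login attempt has finished. */
    public void clear() {
        if (password != null) { Arrays.fill(password, '\0'); password = null; }
    }

    // Constructed demo input; a filter would take these from the submitted form.
    public static void main(String[] args) throws Exception {
        UsernamePasswordHandler h = new UsernamePasswordHandler("alice", "s3cret".toCharArray());
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        h.handle(new Callback[] { name, pass });
        System.out.println(name.getName() + " / " + pass.getPassword().length + " chars");
        pass.clearPassword();
        h.clear();
    }
}
```

Calling clear() in a finally block after the login attempt keeps the password out of memory for the rest of the request; only the resulting Subject needs to be kept in the session.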