On 9/28/06, stephan opitz <[EMAIL PROTECTED]> wrote:
as i saw the j_security_check with the severside security login needs to submit to j_security_check with the values j_username j_password i tried it with the mailreader app, but without success... in mailreader the logon method in the logon backing bean is called so i dont know is it possible to set a j_security_check after logged in into mailreader any shale strategies with this case
Using container managed security (j_security_check) means, among other things: * Accepting the fact that the j_security_check page is displayed *before* JSF has had a chance to set up a FacesContext for this request, so you cannot directly use JSF components in the logon page itself. * Accepting the fact that you must use the facilities defined by your app server or servlet container for configuring users. Shale cannot do anything about these issues, because container managed security gets invoked before JSF (and therefore before Shale) does. using security mechanism of tomcat or jboss is a difficult and there
exist no real how to, so maybe anyone here has ideas?
I can't speak for the JBoss approach, but in Tomcat the secret would be to use one of the "Realm" implementations[1] -- probably JDBCRealm or DataSourceRealm. In either case, you'll need to configure the realm by giving it the details specific to your database of users (and their corresponding authorized roles) -- it's not terribly difficult as long as your database structure matches the documented requirements. Craig [1] http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html
