One thing to note is that you can create your own realms see http://developers.sun.com/prodtech/appserver/reference/techart/as8_authentication/index.html and http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm if you use oracle.
On 9/28/06, Craig McClanahan <[EMAIL PROTECTED]> wrote:
On 9/28/06, stephan opitz <[EMAIL PROTECTED]> wrote: > > as i saw the j_security_check with the severside security login needs > to submit to > > j_security_check > > with the values > > j_username > j_password > > i tried it with the mailreader app, but without success... > > in mailreader the logon method in the logon backing bean is called > so i dont know is it possible to set a j_security_check after logged > in into mailreader > > any shale strategies with this case Using container managed security (j_security_check) means, among other things: * Accepting the fact that the j_security_check page is displayed *before* JSF has had a chance to set up a FacesContext for this request, so you cannot directly use JSF components in the logon page itself. * Accepting the fact that you must use the facilities defined by your app server or servlet container for configuring users. Shale cannot do anything about these issues, because container managed security gets invoked before JSF (and therefore before Shale) does. using security mechanism of tomcat or jboss is a difficult and there > exist no real how to, so maybe anyone here has ideas? > I can't speak for the JBoss approach, but in Tomcat the secret would be to use one of the "Realm" implementations[1] -- probably JDBCRealm or DataSourceRealm. In either case, you'll need to configure the realm by giving it the details specific to your database of users (and their corresponding authorized roles) -- it's not terribly difficult as long as your database structure matches the documented requirements. Craig [1] http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html
