Here is a more up to date link than the one above https://glassfish.dev.java.net/nonav/javaee5/docs/SJSAS9PEDG.pdf see Creating a Custom Realm in chapter 5
On 9/28/06, Kem Elbrader <[EMAIL PROTECTED]> wrote:
One thing to note is that you can create your own realms see http://developers.sun.com/prodtech/appserver/reference/techart/as8_authentication/index.html and http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm if you use oracle. On 9/28/06, Craig McClanahan <[EMAIL PROTECTED]> wrote: > On 9/28/06, stephan opitz <[EMAIL PROTECTED]> wrote: > > > > as i saw the j_security_check with the severside security login needs > > to submit to > > > > j_security_check > > > > with the values > > > > j_username > > j_password > > > > i tried it with the mailreader app, but without success... > > > > in mailreader the logon method in the logon backing bean is called > > so i dont know is it possible to set a j_security_check after logged > > in into mailreader > > > > any shale strategies with this case > > > Using container managed security (j_security_check) means, among other > things: > > * Accepting the fact that the j_security_check page is displayed *before* > JSF has had a chance to set up a FacesContext for this request, so you > cannot directly use JSF components in the logon page itself. > > * Accepting the fact that you must use the facilities defined by your app > server > or servlet container for configuring users. > > Shale cannot do anything about these issues, because container managed > security gets invoked before JSF (and therefore before Shale) does. > > using security mechanism of tomcat or jboss is a difficult and there > > exist no real how to, so maybe anyone here has ideas? > > > > > I can't speak for the JBoss approach, but in Tomcat the secret would be to > use one of the "Realm" implementations[1] -- probably JDBCRealm or > DataSourceRealm. In either case, you'll need to configure the realm by > giving it the details specific to your database of users (and their > corresponding authorized roles) -- it's not terribly difficult as long as > your database structure matches the documented requirements. > > Craig > > [1] http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html > >
