[jboss-user] [Security & JAAS/JBoss] - Re: JavaServer Faces and container-managed authorization not
do-not-reply at jboss.com
Wed Aug 20 15:12:20 EDT 2008
Can you do a quick test ? Can you replace your jsf with plain jsp ? Also can you post your jsp/html code of the login page ?
Does it have
anonymous wrote : form action="j_security_check"
anonymous wrote : j_username and j_password
I presume it does & If it does, then WebContainer does the authentication & all this code below
anonymous wrote : LoginContext loginContext = new LoginContext(LOGIN_APP_POLICY, this);
| // If there is no exception, login succeeded.
| returnString = SUCCESS;
| // Remove the password from memory and Faces display.
| password = null;
| // Put the loginContext object into the user's session.
| request.getSession().setAttribute(LOGIN_CONTEXT_ATTR, loginContext);
is not neccessary.
So lets try to replace jsf with a plain jsp. If that works, we have isolated the problem to jsf managed bean.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171609#4171609
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171609
More information about the jboss-user