[jboss-user] [Security & JAAS/JBoss] - Re: JavaServer Faces and container-managed authorization not

ragavgomatam do-not-reply at jboss.com
Wed Aug 20 15:12:20 EDT 2008

Can you do a quick test ? Can you replace your jsf with plain jsp ? Also can you post your jsp/html code of the login page ? 

Does it have 
anonymous wrote : form action="j_security_check"
anonymous wrote : j_username and j_password

 I presume it does & If it does, then WebContainer does the authentication & all this code below 

anonymous wrote : LoginContext loginContext = new LoginContext(LOGIN_APP_POLICY, this);
  |       loginContext.login();
  |       // If there is no exception, login succeeded.
  |       returnString = SUCCESS;
  |       // Remove the password from memory and Faces display.
  |       password = null;
  |       // Put the loginContext object into the user's session.
  |       request.getSession().setAttribute(LOGIN_CONTEXT_ATTR, loginContext);

is not neccessary. 
So lets try to replace jsf with a plain jsp.  If that works, we have isolated the problem to jsf managed bean.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171609#4171609

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171609

More information about the jboss-user mailing list