[jboss-user] [Security & JAAS/JBoss] - Re: JavaServer Faces and container-managed authorization not

ragavgomatam do-not-reply at jboss.com
Wed Aug 20 16:55:23 EDT 2008


So you are saying jsp version works ???
anonymous wrote : When I enter the myHome.faces URL, it displays this page, I enter the username and password, and it goes to the myHome.xhtml page as it should, so everything works properly. This is the same behavior I get when I use BASIC authentication as opposed to FORM

In your jsf version, where is the j_security_check ? That indicates to the container to do the JAAS login ? PLus earlier you had done the JAAS login within your managed bean . I am posting that code again
anonymous wrote : LoginContext loginContext = new LoginContext(LOGIN_APP_POLICY, this);
  |       loginContext.login();
This is wrong. Container does the login . Not you. Plus after successful login, test it with 
anonymous wrote : Principal p = request.getPrincipal()
and anonymous wrote : boolean isInRole = request.isUserInRole(DataConstants.COMMUNITY_USER);

Both should return NON-NULLS.

My hunch is that there is an error in your jsf. Remember, j_security_check indicates to the Container to do a JAAS login, even before, the request is routed to your application's controller or welcome page or servlet. 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171629#4171629

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171629

More information about the jboss-user mailing list