[ https://issues.apache.org/jira/browse/GERONIMO-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks reassigned GERONIMO-3923: -------------------------------------- Assignee: David Jencks > Login established without tomcat notification > --------------------------------------------- > > Key: GERONIMO-3923 > URL: https://issues.apache.org/jira/browse/GERONIMO-3923 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security > Affects Versions: 2.0.2, 2.1 > Environment: Windows, Linux > Reporter: Ralf Baumhof > Assignee: David Jencks > > I have set up a security realm (sql realm). In web.xml tomcat is advised to > keep a watch an all pages lying in directory /pages. I use a form login. If > the login form is designed to use j_security_check action, the servlet > authentication works. The first try to access a page in /pages/* area leads > to the login form and after successful login the page is diplayed. However, > the application has strong security impacts, so we would prefer to use a JSF > backing bean which performs a LoginContext method for login to geronimo. This > also works. The login succeeds and i get a principal. But the application is > not logged in at tomcat webcontainer. It's not possible to access the pages > in /pages/* area. Is this a bug or a feature???? What must be done if one > want's to use the LoginContext way??? According to the geronimo wiki i > suggest that it should work. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.