Login established without tomcat notification
---------------------------------------------
Key: GERONIMO-3923
URL: https://issues.apache.org/jira/browse/GERONIMO-3923
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.1, 2.0.2
Environment: Windows, Linux
Reporter: Ralf Baumhof
I have set up a security realm (sql realm). In web.xml tomcat is advised to
keep a watch an all pages lying in directory /pages. I use a form login. If the
login form is designed to use j_security_check action, the servlet
authentication works. The first try to access a page in /pages/* area leads to
the login form and after successful login the page is diplayed. However, the
application has strong security impacts, so we would prefer to use a JSF
backing bean which performs a LoginContext method for login to geronimo. This
also works. The login succeeds and i get a principal. But the application is
not logged in at tomcat webcontainer. It's not possible to access the pages in
/pages/* area. Is this a bug or a feature???? What must be done if one want's
to use the LoginContext way??? According to the geronimo wiki i suggest that it
should work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
