[
https://issues.apache.org/jira/browse/GERONIMO-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ralf Baumhof closed GERONIMO-3923.
----------------------------------
Resolution: Invalid
Works as designed
> Login established without tomcat notification
> ---------------------------------------------
>
> Key: GERONIMO-3923
> URL: https://issues.apache.org/jira/browse/GERONIMO-3923
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0.2, 2.1
> Environment: Windows, Linux
> Reporter: Ralf Baumhof
> Assignee: David Jencks
>
> I have set up a security realm (sql realm). In web.xml tomcat is advised to
> keep a watch an all pages lying in directory /pages. I use a form login. If
> the login form is designed to use j_security_check action, the servlet
> authentication works. The first try to access a page in /pages/* area leads
> to the login form and after successful login the page is diplayed. However,
> the application has strong security impacts, so we would prefer to use a JSF
> backing bean which performs a LoginContext method for login to geronimo. This
> also works. The login succeeds and i get a principal. But the application is
> not logged in at tomcat webcontainer. It's not possible to access the pages
> in /pages/* area. Is this a bug or a feature???? What must be done if one
> want's to use the LoginContext way??? According to the geronimo wiki i
> suggest that it should work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
