Hi Jim! You could use JAAS and users.xml in tomcat, but I personally would not recommend it as all the classic EE based security is (imo) way too complicated to handle for what it provides.
You can look at CODI @Secured with an own security Voter [1][2], which is very easy to implement against any existing security solution. There will be a similar solution for DeltaSpike in the future. LieGrue, strub [1] https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage [2] https://github.com/struberg/lightweightEE/blob/master/gui/src/main/java/de/jaxenter/eesummit/caroline/gui/security/AdminAccessVoter.java ----- Original Message ----- > From: Jim May <jim.webg...@gmail.com> > To: MyFaces Discussion <users@myfaces.apache.org> > Cc: > Sent: Saturday, January 26, 2013 4:09 AM > Subject: security with JSF app > > Hello, > > Sorry for the ignorant questions. I am used to Glassfish and recently moved > over to Tomcat. > > I am trying to setup programmatic security with a JSF app and Tomcat 7. I > am using a JSF managed bean utilizing the request object's login method to > login against the security realm. I know that there are different > configurations for the realms in the JSF apps web.xml. I am choosing FORM > based authentication and not configuring a login or error page. Since the > login and logout is being handled by code. > > How do I tie a realm name in the web.xml to the realm name in Tomcat's > server.xml? Do I tie the web.xml realm name to the dataSourceName attribute > in the Realm entity in server.xml config? > > This application is going through a redesign and conversion to JSF, so it > has a legacy database without encrypted passwords. Ya! I know. Bad! > Unfortunately, I have inherited this yummy stuff. I plan on changing it > later to encrypted passwords. Will the JDBC realm work with passwords in > plain text in the database column or is it going to force an MD5 check? I > would like to get the redesigned web files up and running while having to > perform very little modifications to the database. > > Thanks, > > -- > James May > Software Lead Engineer / Architect > Java, PHP, .Net, Leader, Mentor > http://www.jamesmay.me >