On Apr 14, 2009, at 7:30 PM, viola lu wrote:
Hi,ALL:
i created a database security realm following link: http://cwiki.apache.org/GMOxDOC20/database-sql-realm.html,and
create a dynamic web application, create login/register pages using
JSF, login is controlled by loginbean and regsiterbean which
authorizes user/password by connecting to database, but i want to
use database security realm to
verify user login like this:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MYREALM</realm-name>
<form-login-config>
<form-login-page>login.jsp</form-login-page>
<form-error-page>login_error.jsp</form-error-page>
</form-login-config>
</login-config>
But it seems, login action always call loginbean not realm to
authorize.
Something is missing?Thanks.
To use "built in" form authentication your login page needs to have a
form with action "j_security_check", something like this:
<form name="login" action="j_security_check" method="POST">
If you want anything fancier you'll need to wait for servlet 3 where
there's going to be a programatic way to log into the configured
security realms such as the db one you defined. I haven't looked at
this proposal in detail but I think it will let you do stuff like
logging in from the jsf loginbean.
thanks
david jencks
--
viola