Hermond-
I tested MyFaces and FORM authentication successfully with regular JSP like that: http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-4.0/webapps/admin/login.jsp?rev=1.8&view=markup
WEB.XML similar to that: http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-4.0/webapps/admin/WEB-INF/web.xml?rev=1.15&view=markup
and a backing bean "logoff()" action method with a statement similar to that inside this Struts Action:
http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/LogOutAction.java?rev=1.3&view=markup
HTH, Matthias
[EMAIL PROTECTED] wrote:
Hi
I have observed another peculiarity with MyFaces and Tomcat with regards
to security.
If I use BASIC authentication, it works fine. However if I use FORM authentication (and use a regular JSP page for the form), I consistently get a HTTP 408 response.
I also created a simple jsp with a form that posts to the standard j_security_check, but this fails with a 404 saying j_security_check does not exist !
MyFaces is going to be serously hampered in acceptance if it can not coexist with standard JAAS, and not to speak of integration with Tomcat's security mechanism.
Hermod
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
This email with attachments is solely for the use of the individual or
entity to whom it is addressed. Please also be aware that the DnB NOR Group
cannot accept any payment orders or other legally binding correspondence with
customers as a part of an email.
This email message has been virus checked by the virus programs used in the DnB NOR Group.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
