Hi Your scenario seems plausible, but not what one would desire. One of the drivers behind JAAS in my eyes is the notion of "Container Managed". The application it self should not have to worry about security. Security should be something that is handled on the "outside". By that I mean what is known as "Declarative Security". In that way you can go on developing your application (almost) without worrying about it, and then at some point in time you simply turn it on by setting some option in your environment.
I have got SecurityFilter to work now (it is securing resources), but I am seeing som odd behaviour from the MyFaces part. The Principal is not set on the request that is returned from : FacesContext.getCurrentInstance().getExternalContext().getRequest(). I will look into this probably today. Hermod -----Original Message----- From: Matthias Wessendorf [mailto:[EMAIL PROTECTED] Sent: Monday, March 21, 2005 2:09 PM To: MyFaces Discussion Subject: Re: MyFaces and JAAS on Tomcat ah, sorry. That is a different story, I think. well one possibility can be using Shale for the backing beans in the secure area. create a BasicSecureBackingBean that extends the default implementation of ViewController interfaces. on the logonBean you will do some *user-validation* and add users to a vector or else (application scope) *after* that forward to secure/* each BackingBean that is used inside of secure/ will extend BasicSecureBackingBean. Its *advanced* lifecyle method can check on each request, if a user is logged on. Perhaps, I understood you now? [EMAIL PROTECTED] wrote: > Hi > > No - What I want is what I have in my Strus version : On the frontpage i > have fields for username/password and a login button. That way a user > can log in at any given time - He/She does not have do access a secured > resource to get a "forced" login. Thats why I have been using > SecurityFilter ( S.F project) in my Struts app. However I have not been > able to get SecurityFilter to work with MyFaces (Yet). It is configured > as a Filter, and the init method is called OK, but the doFilter method > is never called (!). > > Hermod > > -----Original Message----- > From: Matthias Wessendorf [mailto:[EMAIL PROTECTED] > Sent: Monday, March 21, 2005 1:53 PM > To: MyFaces Discussion > Subject: Re: MyFaces and JAAS on Tomcat > > > Pre-login ? > > Can you explain ? I guess I missed something :-) > > if you need logoff() create managedBean with a > > public String logoff(); that does the stuff shown in the > struts app for tomcat. > > -Matthias > > [EMAIL PROTECTED] wrote: > >>Hi >> >>As I said in my post : It works if you try to access a secured > > resource. > >>You can however not "Pre-login" - That is enter you username/password > > at > >>the frontpage, and then be authenticated. >> >>Hermod >> >>-----Original Message----- >>From: Matthias Wessendorf [mailto:[EMAIL PROTECTED] >>Sent: Monday, March 21, 2005 1:48 PM >>To: MyFaces Discussion >>Subject: Re: MyFaces and JAAS on Tomcat >> >> >>BTW. >> >>I just copied helloWorld.jsp to secure >> >>so please request localhsot:8080/mfaces.../secure/helloWorld.jsf >> >>that should present you the login form. >> >>HTH, >>Matthias >> >>Matthias Wessendorf wrote: >> >> >>>That worked! >>> >>>I send you (private) the WAR >>> >>>(user with role admin in tomcat-users.xml on my box) >>> >>>HTH, >>>Matthias >>> >> >> >> >>* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > > * * * > >>This email with attachments is solely for the use of the individual or >>entity to whom it is addressed. Please also be aware that the DnB NOR > > Group > >>cannot accept any payment orders or other legally binding > > correspondence with > >>customers as a part of an email. >> >>This email message has been virus checked by the virus programs used >>in the DnB NOR Group. >> >>* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > > * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * This email with attachments is solely for the use of the individual or entity to whom it is addressed. Please also be aware that the DnB NOR Group cannot accept any payment orders or other legally binding correspondence with customers as a part of an email. This email message has been virus checked by the virus programs used in the DnB NOR Group. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *