Almost figured out how to satisfy container and managed bean login.

[Yucca Nel]

I have a double login requirement because I need some finer detals that 
tomcst's container authentication does not seem to provide.
I need a way to atore username in business logic scope when logged in (mainly 
just  the username) my current solution is not working as follows:

I submit action to backing method which is coded in the jsf as follows in the 
login page:


<f:view>
    <body style="background-color:#7b68ee;margin:auto">
    <div align="center" id="header"><jsp:include page="/header.jsp"/></div>
    <div align="center">
        <div align="center" id="centred-content"style="border-width:3px; 
border-style: solid; border-color: #7fffd4;width:800px">
            <div id="h1" align="center">
                <h:outputText value="#{loginMsg.h1}..." style="color:white; 
font-family:fantasy;font-size:large;"/><br>
                <h:outputText value="#{loginMsg.h2}..." style="color:white; 
font-family:fantasy;font-size:large;"/></div>
            <div align="center">
                <h:form>
                    <h:panelGrid columns="2">

                        <h:outputText value="#{registerMsg.userName}:" 
style="color:yellow;"/>
                        <h:inputText id="j_username" 
value="#{loginForm.username}" 
title="#{registerMsg.userNameTitle}"required="true">

                            <f:validateLength maximum="20" minimum="6"/>
                        <h:outputText value="#{registerMsg.password}:" 
style="color:yellow;"/>
                        <h:inputSecret id="j_passwword" 
value="#{loginForm.password}" 
title="#{registerMsg.passwordTitle}"required="true" >

                        </h:inputSecret>

                    </h:panelGrid>

                    <h:commandButton action="#{loginForm.confirmCredentials}" 
value="#{loginMsg.login}"style="color:#20b2aa;" />
                    <br>
                </h:form>

then in loginForm.java I have the method coded as follows to set my managed 
bean and hopefuly dispatch on continer needed login credentials. 


public String confirmCredentials() throws IOException, ServletException {       
 UserSession userSession =
        
(UserSession)FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get("userSession");

        if (UserManagerBean.confirmLogin(username, password)) {
            
            UsersEntity user = UserManagerBean.findUser(username);
            userSession.setCurrentUser(user);
            return "home";
        }
        FacesMessage message = new FacesMessage();
        message.setSummary("Login Error");
        message.setDetail("Unable to log you in -"
           +  " username and password combination not found.");
        message.setSeverity(FacesMessage.SEVERITY_WARN);
        FacesContext.getCurrentInstance().addMessage(null,message);
        ExternalContext ectx =
FacesContext.getCurrentInstance().getExternalContext();
  HttpServletRequest request =
(HttpServletRequest)ectx.getRequest();
  HttpServletResponse response =
(HttpServletResponse)ectx.getResponse();
  RequestDispatcher dispatcher =
request.getRequestDispatcher("j_security_check");
  dispatcher.forward(request,response);
  return null;
    }

it never reaches the j_security check servlet

anyone know why?

The method works fine when called from outside containers security context 
defined around the  page request.