I have a double login requirement because I need some finer detals that tomcst's container authentication does not seem to provide. I need a way to atore username in business logic scope when logged in (mainly just the username) my current solution is not working as follows:
I submit action to backing method which is coded in the jsf as follows in the login page: <f:view> <body style="background-color:#7b68ee;margin:auto"> <div align="center" id="header"><jsp:include page="/header.jsp"/></div> <div align="center"> <div align="center" id="centred-content"style="border-width:3px; border-style: solid; border-color: #7fffd4;width:800px"> <div id="h1" align="center"> <h:outputText value="#{loginMsg.h1}..." style="color:white; font-family:fantasy;font-size:large;"/><br> <h:outputText value="#{loginMsg.h2}..." style="color:white; font-family:fantasy;font-size:large;"/></div> <div align="center"> <h:form> <h:panelGrid columns="2"> <h:outputText value="#{registerMsg.userName}:" style="color:yellow;"/> <h:inputText id="j_username" value="#{loginForm.username}" title="#{registerMsg.userNameTitle}"required="true"> <f:validateLength maximum="20" minimum="6"/> <h:outputText value="#{registerMsg.password}:" style="color:yellow;"/> <h:inputSecret id="j_passwword" value="#{loginForm.password}" title="#{registerMsg.passwordTitle}"required="true" > </h:inputSecret> </h:panelGrid> <h:commandButton action="#{loginForm.confirmCredentials}" value="#{loginMsg.login}"style="color:#20b2aa;" /> <br> </h:form> then in loginForm.java I have the method coded as follows to set my managed bean and hopefuly dispatch on continer needed login credentials. public String confirmCredentials() throws IOException, ServletException { UserSession userSession = (UserSession)FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get("userSession"); if (UserManagerBean.confirmLogin(username, password)) { UsersEntity user = UserManagerBean.findUser(username); userSession.setCurrentUser(user); return "home"; } FacesMessage message = new FacesMessage(); message.setSummary("Login Error"); message.setDetail("Unable to log you in -" + " username and password combination not found."); message.setSeverity(FacesMessage.SEVERITY_WARN); FacesContext.getCurrentInstance().addMessage(null,message); ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext(); HttpServletRequest request = (HttpServletRequest)ectx.getRequest(); HttpServletResponse response = (HttpServletResponse)ectx.getResponse(); RequestDispatcher dispatcher = request.getRequestDispatcher("j_security_check"); dispatcher.forward(request,response); return null; } it never reaches the j_security check servlet anyone know why? The method works fine when called from outside containers security context defined around the page request.