I have a couple of questions regarding glassfish security module in
connection with JEE security.
First, is it possible to configure glassfish not to use the hashing while
checking passwords. I have some passwords in datatbase that are not hashed
using any algorithm, but are stored as is. Will it be possible to use
glassfish security jee modules using those passwords?
Second, I have been trying to use glassfish security modules to secure my
application. But somehow, the glassfish does not trigger its authentication
when url-pattern is used without including '/faces' in it. When I use the
url-pattern in security-constraint like shown below, the user is not asked to
authenticate even if the pattern matches.
<security-constraint> <display-name>Donor
Constraint</display-name> <web-resource-collection>
<...> <url-pattern>/secured/*</url-pattern>
</web-resource-collection> <...>
</security-constraint> But if I add '/faces' to the above url-pattern,
then glassfish requests the user authentication. So the code given below
triggers authentication <security-constraint>
<display-name>Donor Constraint</display-name>
<web-resource-collection> <...>
<url-pattern>/faces/secured/*</url-pattern>
</web-resource-collection> <...>
</security-constraint> Why does the glassfish authentication does not
work in the first case? regards, Nirvan.
--
[Message sent by forum member 'nirvan_bd']
View Post: http://forums.java.net/node/795436