On Tuesday 26 April 2011 05:09 PM, forums_at_java.net wrote:
> I have a couple of questions regarding glassfish security module in
> connection with JEE security.
>
> First, is it possible to configure glassfish not to use the hashing while
> checking passwords. I have some passwords in datatbase that are not
> hashed
> using any algorithm, but are stored as is. Will it be possible to use
> glassfish security jee modules using those passwords?
Yes, you could set the digest-algorithm param to none in the realm
configuration
>
> Second, I have been trying to use glassfish security modules to secure my
> application. But somehow, the glassfish does not trigger its
> authentication
> when url-pattern is used without including '/faces' in it. When I use the
> url-pattern in security-constraint like shown below, the user is not
> asked to
> authenticate even if the pattern matches.
>
>
>
> <security-constraint> <display-name>Donor
> Constraint</display-name> <web-resource-collection>
> <...> <url-pattern>/secured/*</url-pattern>
> </web-resource-collection> <...>
> </security-constraint> But if I add '/faces' to the above url-pattern,
> then glassfish requests the user authentication. So the code given below
> triggers authentication <security-constraint>
> <display-name>Donor Constraint</display-name>
> <web-resource-collection> <...>
> <url-pattern>/faces/secured/*</url-pattern>
> </web-resource-collection> <...>
> </security-constraint> Why does the glassfish authentication does not
> work in the first case?
The url-pattern in the security-constraint should begin from the
context-root. Please
check
http://download.oracle.com/javaee/5/tutorial/doc/bncbe.html#bncbk
<
http://www.java.net/external?url=http://download.oracle.com/javaee/5/tutorial/doc/bncbe.html#bncbk>
HTH
Nithya
> regards, Nirvan.
>
>
>
> --
>
> [Message sent by forum member 'nirvan_bd']
>
> View Post: http://forums.java.net/node/795436
>
>