The problem happened because I copy-pasted the JBDC resource from glassfish 4.0 to glassfish 4.1.1 domain.xml. The problem was resolved after reverting the JDBC resource manually and re-create using admin console or command line.
What I like about Shiro is that it’s really ease to setup permission based security. JAAS is heavily role based which is a granularity that ironically is more useful to consumer webapps than to enterprise apps (as we can notice from your requirements). It’s common for an application server to provide some services on top … Read more
Other users have provide some very useful links above so I am not going to bother with links. I have done a similar research in JAAS for web application and has ran into a “mind roadblock” until I finally realize JAAS is a framework tackling security at a different “layer” then web applications in the … Read more
I suppose you want form based authentication using deployment descriptors and j_security_check. You can also do this in JSF by just using the same predefinied field names j_username and j_password as demonstrated in the tutorial. E.g. <form action=”j_security_check” method=”post”> <h:outputLabel for=”j_username” value=”Username” /> <h:inputText id=”j_username” /> <br /> <h:outputLabel for=”j_password” value=”Password” /> <h:inputSecret id=”j_password” /> … Read more