We need to do the followings:

• create page with links to the three types of authentication
• setup app. server with users and role or at least reuse the pre-defined users in Tomcat

Basic Authentication

• create "logout.jspx" with a command button that triggers a redirect "logout.jspx" using navigation rules
• bind command button to the bean that invalidates the session
• setup servlet container with basic authentication

Form Authentication

• create "form-login.html" – this will avoid session creation before getting authenticated
• reuse "logout.jspx", the bean, and related navigation rules from "Basic Authentication"

Application Authentication

• create "app-login.jspx" page that uses ICEfaces components for input
• create bean that handles authentication
• define navigation rules for successful authentication

When will you provide such a tutorial / sample app? I'm very interested about it! In the referenced form post from 22/04/2008, you wrote about "few days"...

Could use either Spring Security or JAAS for this, or maybe both?

I created the app and put in the tutorial/samples section. It is supposed to be built from build.xml. I did not write the documentation yet because couple of issues still remain outstanding. As soon as I iron them out I will put the readme and brief explanation with the code.
Things, which work:

• Log in/out using spring security
• Role access control

Things, which were bypassed:

• navigation to spring urls via faces-config.xml. I use redirection instead, which works fine

Things TBD

• method security is not working yet. It has absolutely nothing to do with icefaces. Spring does not pick @Secured annotation

If anybody finds the code familiar, I have adopted it from Seema Richard's article in JavaWorld about using Acegi and JSF. This sample uses ICEFaces and Spring Security 2.0 ( a step up from Acegi)

I am working on the user authentication module, can you provide sample application. As you mentioned above that the sample application has been uploaded in the tutorial/samples section, can you guide me to download this sample application.

I also cannot find this sample app (was expecting it in http://www.icefaces.org/main/resources/tutorials.iface), please provide a link to it or some other means of download.

This tutorial needs to be published on the site.

Please, can you publish this tutorial? Thanks!

Here's the bug for our previous discussion. You should get a better sense of the history behind it.

Does, anyone know why Spring is not picking the @Secured annotation!!! Any other Alternate Suggestions for Method Level Security. I tried all three options mentioned under http://www.jroller.com/habuma/entry/method_level_security_in_spring Nothing seems to be working? I am Struck!! Thanks in advance for your Help!!!

Revision #20790 - Committed application "ice3013" svn/repo/applications/ice3013.

This application has BASIC, FORM, and APPLICATION methods of authenticating with ICEfaces.

The only issue is after logging in with BASIC and logging out, the user is not prompted to authenticate the next time they attempt to reach the secure page.