JSF 2.0 Simple login page

14,853

Solution 1

You could use the HttpServletRequest API introduced in Servlet 3.0:

    /**
     * Performs authentication via HttpServletRequest API
     */
    public String login(String username, String password) throws IOException {
        try {
            getRequest().login(username, password);
            this.user = userDao.find(username);
        } catch (ServletException e) {
            JsfUtil.addErrorMessage(JsfUtil.getStringResource("loginFailed"));
            return null;
        }
        return "/index?faces-redirect=true";
    }

    public String logout() throws ServletException {
        this.user = null;
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        if (isAuthenticated()) {
            getRequest().logout();
        }
        return "logout";
    }

    public boolean isAuthenticated() {
        return getRequest().getUserPrincipal() != null;
    }

    public static HttpServletRequest getRequest() {
        Object request = FacesContext.getCurrentInstance().getExternalContext().getRequest();
        return request instanceof HttpServletRequest
                ? (HttpServletRequest) request : null;
    }

Solution 2

You can use j_security_check. All you do is post to it, and it will handle authentication based on the realm you've defined, and the application-specific configuration in your web.xml.

Depending on your app server, there is an additional step of linking the defined role (app-specific) to a group (realm-specific).

Here is a typical configuration:

    <servlet>
        <servlet-name>Login</servlet-name>
        <servlet-class>com.example.Login</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Login</servlet-name>
        <url-pattern>/Login</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>Error</servlet-name>
        <servlet-class>com.example.Error</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Error</servlet-name>
        <url-pattern>/Error</url-pattern>
    </servlet-mapping>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>example.com</realm-name>
        <form-login-config>
            <form-login-page>/Login</form-login-page>
            <form-error-page>/Error</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <role-name>arbitraryRoleName</role-name>
    </security-role>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All Pages</web-resource-name>
            <url-pattern>/index.xhtml</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>arbitraryRoleName</role-name>
        </auth-constraint>
    </security-constraint>

Note the security-role. This still needs to be linked to a group, or whatever you are defining to differentiate users that can use a page from users who can't.

Author by

grem

Updated on June 04, 2022

Comments

  • grem
    grem almost 2 years

    I need to restrict access to a part of the application. In order to access that part, the user needs to log in. I have a table in my database called User, with usernames and hashed passwords, and a login form that consists of two inputs and a submit. However, I don't know which classes/methods I should use to log in the user (I assume that there is support for this functionality in JSF). Also, as far as I know, I need to edit my web.xml to support the authentication. Could someone propose a typical solution and general steps that I need to do in order to get that functionality (links, tutorials of a value greatly appreciated)?

    I also wonder how I limit access to another page if the person is not logged in, so that when the user types in the direct link to a page, he will be redirected to a main login page.

    Thanks in advance for any help. Grem.

  • grem
    grem over 13 years
    Thanks a lot, Zack. Is there no other way but to use j_security_check? I know that there is a class with login and logout methods which I could use but don't remember the name of it.
  • BalusC
    BalusC almost 13 years
    This is not part of JSF 2. This is part of Servlet 3.0. So this works only when running JSF 1.x/2.x/whatever on Tomcat 7, Glassfish 3, JBoss AS 6, etc or newer.
  • Theo
    Theo almost 13 years
    @BalusC thanks for pointing that out. I adapted the answer accordingly.
  • Tioma
    Tioma over 12 years
    Do you have a solution for Servlet 2.5? I use JBoss5.1, which uses Java5, so I can't use it. Please, it would be great if you have any suggestion.
  • Theo
    Theo over 12 years
    You can use form based authentication using j_security_check.