Hi, I need to restrict access to a part of the application. In order to access that part, the user needs to log in. I have a table in my database called User, with usernames and hashed passwords, and a login form that consists of two inputs and a submit. However, I don't know which classes/methods I should use to log in the user (I assume that there is support for this functionality in JSF). Also, as far as I know, I need to edit my web.xml to support the authentication. Could someone propose a typical solution and the general steps that I need to do in order to get that functionality (links, tutorials of value greatly appreciated)?

I also wonder how I limit the access to another page if the person is not logged in, so that when the user types in the direct link to a page, he will be redirected to a main login page.

Thanks in advance for any help. Grem.

A: 

You can use j_security_check. All you do is post to it, and it will handle authentication based on the realm you've defined, and the application-specific configuration in your web.xml.

Depending on your app server, there is an additional step of linking the defined role (app-specific) to a group (realm-specific).

Here is a typical configuration:

<servlet>
    <servlet-name>Login</servlet-name>
    <servlet-class>com.example.Login</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Login</servlet-name>
    <url-pattern>/Login</url-pattern>
</servlet-mapping>
<servlet>
    <servlet-name>Error</servlet-name>
    <servlet-class>com.example.Error</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Error</servlet-name>
    <url-pattern>/Error</url-pattern>
</servlet-mapping>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>example.com</realm-name>
    <form-login-config>
        <form-login-page>/Login</form-login-page>
        <form-error-page>/Error</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>arbitraryRoleName</role-name>
</security-role>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Pages</web-resource-name>
        <url-pattern>/index.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>arbitraryRoleName</role-name>
    </auth-constraint>
</security-constraint>

Note the security-role. This still needs to be linked into a group, or whatever you are defining to differentiate users that can use a page from users who can't.

Zack
Thanks a lot, Zack. Is there no other way but to use j_security_check? I know that there is a class with login and logout methods which I could use but don't remember the name of it.
grem
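
An added example, not part of the original answer or thread: a Python check that reads the `<security-constraint>` from the configuration above and reports which request paths actually require a role, following the Servlet specification's url-pattern precedence (exact, longest path prefix, extension, default). The function names and the sample path `/admin/users.xhtml` are assumptions made for illustration, and `<http-method>` restrictions are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed input: the <security-constraint> from the answer above, wrapped
# in a <web-app> root so it parses on its own.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>All Pages</web-resource-name>
      <url-pattern>/index.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>arbitraryRoleName</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _elements(root, name):
    """Find descendants by local name, ignoring any web.xml namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def match_rank(pattern, path):
    """Rank a url-pattern match (exact > longest prefix > extension > default)."""
    if pattern == path:
        return (3, 0)
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))
    elif pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    elif pattern == "/":
        return (0, 0)
    return None

def required_roles(web_xml, path):
    """Roles needed for `path`; None means no constraint forces a login.
    Simplification (assumption of this example): <http-method> is ignored."""
    hits = []
    for sc in _elements(ET.fromstring(web_xml), "security-constraint"):
        auth = _elements(sc, "auth-constraint")
        roles = {r.text.strip() for r in _elements(sc, "role-name")} if auth else None
        for pat in _elements(sc, "url-pattern"):
            rank = match_rank(pat.text.strip(), path)
            if rank is not None:
                hits.append((rank, roles))
    if not hits:
        return None
    best = max(rank for rank, _ in hits)
    winners = [roles for rank, roles in hits if rank == best]
    if set() in winners:          # an empty <auth-constraint> denies everyone
        return set()
    return None if None in winners else set().union(*winners)
```

Run against the configuration as posted, only `/index.xhtml` requires `arbitraryRoleName`; any other path returns `None`, meaning a direct link to it is served without the login redirect.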