• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Calling an external url...and geting the response

 
sree thondapu
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I am new to JSF

I have a login page with username and password...when i submit the form it goes to a third party URL to authenticate the user,based on the response navigates to my page . How can we do this JSF

Thanks in Advance
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18100
51
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are many ways to do this. Most of which shouldn't be done, but people do them anyway.

One way, however, is to use J2EE's built-in security system (also known as container-managed security). If you use this system, you don't actually "do security in JSF" so much as you wrap security around your entire webapp, including any non-JSF parts it may contain.

To accomplish this, you need to do 2 things:

1. Code security as documented by the J2EE standard and explained in many, if not most good books on J2EE. This primarily means setting up definitions in web.xml. The only thing JSF-specific about this is that critical page navigation rules should include a <redirect/> element, or the URL won't update. And the URL is the primary definer of what security rules will apply.

2. Supply a security provider. For Tomcat, that would be a Realm module. Tomcat doesn't come with a Web Services Realm module, but it's quite easy to create one. I've done it.

For the most part, you don't need to code security in the application, because Tomcat itself will be providing the security. When you need to add extra control, you can check roles, or use the user ID that's in the HttpServletRequest as a key to a more fine-grained security service of your choice.

The way I don't recommend doing it is to have the webapp implement and use a security interface directly. People who do that aren't security professionals, and such systems are pretty much always very insecure. Plus, it takes a lot of time and money to design, develop, debug and maintain a DIY system. And you can't send junior programmers down to the local bookstore for documentation on how to use it (so when maintenance time comes, they either do it wrong or not at all).
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic