This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Java Interview Guide and have Anthony DePalma on-line!
See this thread for details.
The moose likes JSF and the fly likes Calling an external url...and geting the response Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "Calling an external url...and geting the response" Watch "Calling an external url...and geting the response" New topic

Calling an external url...and geting the response

sree thondapu

Joined: Oct 30, 2010
Posts: 1
Hi, I am new to JSF

I have a login page with username and password...when i submit the form it goes to a third party URL to authenticate the user,based on the response navigates to my page . How can we do this JSF

Thanks in Advance
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17421

There are many ways to do this. Most of which shouldn't be done, but people do them anyway.

One way, however, is to use J2EE's built-in security system (also known as container-managed security). If you use this system, you don't actually "do security in JSF" so much as you wrap security around your entire webapp, including any non-JSF parts it may contain.

To accomplish this, you need to do 2 things:

1. Code security as documented by the J2EE standard and explained in many, if not most good books on J2EE. This primarily means setting up definitions in web.xml. The only thing JSF-specific about this is that critical page navigation rules should include a <redirect/> element, or the URL won't update. And the URL is the primary definer of what security rules will apply.

2. Supply a security provider. For Tomcat, that would be a Realm module. Tomcat doesn't come with a Web Services Realm module, but it's quite easy to create one. I've done it.

For the most part, you don't need to code security in the application, because Tomcat itself will be providing the security. When you need to add extra control, you can check roles, or use the user ID that's in the HttpServletRequest as a key to a more fine-grained security service of your choice.

The way I don't recommend doing it is to have the webapp implement and use a security interface directly. People who do that aren't security professionals, and such systems are pretty much always very insecure. Plus, it takes a lot of time and money to design, develop, debug and maintain a DIY system. And you can't send junior programmers down to the local bookstore for documentation on how to use it (so when maintenance time comes, they either do it wrong or not at all).

An IDE is no substitute for an Intelligent Developer.
subject: Calling an external url...and geting the response
It's not a secret anymore!