I am working on creating a JSF form for user authentication. My authentication source which is SiteMinder requries the JSF form to POST the credentails. but JSF is not allowing me to do a HTTP POST . Is there any suggested worarounds?
If SiteMinder is using J2EE container-managed security, the restriction would actually be in J2EE itself. Container-managed security isn't invoked via a URL, it's activated when a page request is made to a secured URL, and what actually happens is that the original request is temporarily sidelined while the container manages login. Since the container can know nothing about the app, it hasn't the ability to access app resources, and in particular, the login page defined in web.xml doesn't get routed through the FacesServlet the way that ordinary page requests do.
Short answer: Use a standard (non-JSF) JSP for your login page. Personally, I discourage complications on login pages. For one thing, they can introduce security hazards. My login pages are rather stark, since the whole point is that accessing secure resources is not a thing to do lightly.
Customer surveys are for companies who didn't pay proper attention to begin with.
Joined: Feb 01, 2011
Thanks for your reply. It absolutely make sense to have complexity reduced in login page. I am planning to go with a jsp portlet. I truly appreciate your answer.