aspose file tools*
The moose likes JSF and the fly likes Login process in jsf Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "Login process in jsf" Watch "Login process in jsf" New topic
Author

Login process in jsf

matej spac
Greenhorn

Joined: Apr 21, 2011
Posts: 28
Hi,
I am trying to build eshop application. I use container managed authentication for access to an administration interface.
I also want to give users option to registry and login. Now I am not sure how to design login process.
Could I use this type of authentication also for common users?
In this thread:
http://www.coderanch.com/t/448131/JSF/java/forms-authentication-security-check-JSF
I read that invoking login page for container managed authentication is not intended to be directly. It should be displayed by container before access to a protected page defined in web.xml.
So should I construct my own login process for common user login and have container managed authentication for access to admin interface?
Thanks for any answer.

|OCPJP 6|
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16303
    
  21

Container-managed logins are done (as you read) automatically. You don't write any login code. Instead, when an incoming URL matches a pattern defined as secure in the web.xml file, the server checks to see if the user is authenticated (logged in) and if not, the request is temporarily diverted until the user successfully logs in.

Trying to mix a manual login with the automatic login is probably not going to work very well. However, while you don't "own" the login process, there's no problem with adding a few decorations to the login/loginfail pages.

Specifically, I mean that you can add a "Register new user" link there as well as other useful links such as "forgot password". As long as those links are to unsecured URLs, there's no problem. The original secured page request and the login request that comes from it will be discarded and the normal hyperlink process takes over.

My personal recommendation is that you do not place any links that are not related to user security on a login page, however. No business functions or menus. And you will need to use links, not form objects, since the login page's form processor belongs to the server and does not support adding custom logic.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Login process in jsf