I am trying to build eshop application. I use container managed authentication for access to an administration interface.
I also want to give users option to registry and login. Now I am not sure how to design login process.
Could I use this type of authentication also for common users?
In this thread:
http://www.coderanch.com/t/448131/JSF/java/forms-authentication-security-check-JSF I read that invoking login page for container managed authentication is not intended to be directly. It should be displayed by container before access to a protected page defined in web.xml.
So should I construct my own login process for common user login and have container managed authentication for access to admin interface?
Thanks for any answer.
Container-managed logins are done (as you read) automatically. You don't write any login code. Instead, when an incoming URL matches a pattern defined as secure in the web.xml file, the server checks to see if the user is authenticated (logged in) and if not, the request is temporarily diverted until the user successfully logs in.
Trying to mix a manual login with the automatic login is probably not going to work very well. However, while you don't "own" the login process, there's no problem with adding a few decorations to the login/loginfail pages.
Specifically, I mean that you can add a "Register new user" link there as well as other useful links such as "forgot password". As long as those links are to unsecured URLs, there's no problem. The original secured page request and the login request that comes from it will be discarded and the normal hyperlink process takes over.
My personal recommendation is that you do not place any links that are not related to user security on a login page, however. No business functions or menus. And you will need to use links, not form objects, since the login page's form processor belongs to the server and does not support adding custom logic.
An IDE is no substitute for an Intelligent Developer.