Win a copy of Microservices Testing (Live Project) this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

Login process in jsf

 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I am trying to build eshop application. I use container managed authentication for access to an administration interface.
I also want to give users option to registry and login. Now I am not sure how to design login process.
Could I use this type of authentication also for common users?
In this thread:
https://coderanch.com/t/448131/JSF/java/forms-authentication-security-check-JSF
I read that invoking login page for container managed authentication is not intended to be directly. It should be displayed by container before access to a protected page defined in web.xml.
So should I construct my own login process for common user login and have container managed authentication for access to admin interface?
Thanks for any answer.
 
Saloon Keeper
Posts: 25782
184
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Container-managed logins are done (as you read) automatically. You don't write any login code. Instead, when an incoming URL matches a pattern defined as secure in the web.xml file, the server checks to see if the user is authenticated (logged in) and if not, the request is temporarily diverted until the user successfully logs in.

Trying to mix a manual login with the automatic login is probably not going to work very well. However, while you don't "own" the login process, there's no problem with adding a few decorations to the login/loginfail pages.

Specifically, I mean that you can add a "Register new user" link there as well as other useful links such as "forgot password". As long as those links are to unsecured URLs, there's no problem. The original secured page request and the login request that comes from it will be discarded and the normal hyperlink process takes over.

My personal recommendation is that you do not place any links that are not related to user security on a login page, however. No business functions or menus. And you will need to use links, not form objects, since the login page's form processor belongs to the server and does not support adding custom logic.

 
Mo-om! You're embarassing me! Can you just read a tiny ad like a normal person?
Free, earth friendly heat - from the CodeRanch trailboss
https://www.kickstarter.com/projects/paulwheaton/free-heat
reply
    Bookmark Topic Watch Topic
  • New Topic