• Post Reply Bookmark Topic Watch Topic
  • New Topic

Custom form based authentication in JSF  RSS feed

 
Rocky kesavan
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I am working on creating a JSF form for user authentication. My authentication source which is SiteMinder requries the JSF form to POST the credentails. but JSF is not allowing me to do a HTTP POST . Is there any suggested worarounds?

Your help is greatly appreciated.

Thanks,
Rakesh
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Rocky!

If SiteMinder is using J2EE container-managed security, the restriction would actually be in J2EE itself. Container-managed security isn't invoked via a URL, it's activated when a page request is made to a secured URL, and what actually happens is that the original request is temporarily sidelined while the container manages login. Since the container can know nothing about the app, it hasn't the ability to access app resources, and in particular, the login page defined in web.xml doesn't get routed through the FacesServlet the way that ordinary page requests do.

Short answer: Use a standard (non-JSF) JSP for your login page. Personally, I discourage complications on login pages. For one thing, they can introduce security hazards. My login pages are rather stark, since the whole point is that accessing secure resources is not a thing to do lightly.
 
Rocky kesavan
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Tim,
Thanks for your reply. It absolutely make sense to have complexity reduced in login page. I am planning to go with a jsp portlet. I truly appreciate your answer.

Regards,
Rakesh
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!