Win a copy of Modern JavaScript for the Impatient this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Login process in jsf

 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am trying to build eshop application. I use container managed authentication for access to an administration interface.
I also want to give users option to registry and login. Now I am not sure how to design login process.
Could I use this type of authentication also for common users?
In this thread:
https://coderanch.com/t/448131/JSF/java/forms-authentication-security-check-JSF
I read that invoking login page for container managed authentication is not intended to be directly. It should be displayed by container before access to a protected page defined in web.xml.
So should I construct my own login process for common user login and have container managed authentication for access to admin interface?
Thanks for any answer.
 
Saloon Keeper
Posts: 22482
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Container-managed logins are done (as you read) automatically. You don't write any login code. Instead, when an incoming URL matches a pattern defined as secure in the web.xml file, the server checks to see if the user is authenticated (logged in) and if not, the request is temporarily diverted until the user successfully logs in.

Trying to mix a manual login with the automatic login is probably not going to work very well. However, while you don't "own" the login process, there's no problem with adding a few decorations to the login/loginfail pages.

Specifically, I mean that you can add a "Register new user" link there as well as other useful links such as "forgot password". As long as those links are to unsecured URLs, there's no problem. The original secured page request and the login request that comes from it will be discarded and the normal hyperlink process takes over.

My personal recommendation is that you do not place any links that are not related to user security on a login page, however. No business functions or menus. And you will need to use links, not form objects, since the login page's form processor belongs to the server and does not support adding custom logic.

 
We're all out of roofs. But we still have tiny ads:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic