Forums Register Login

JSF Login Page and JAAS

+Pie Number of slices to send: Send
Hello,

if you want to use form-based authentication e.g

in web.xml

how would you code the login.html and error pages in JSF?

I have only found pure HTML examples for form-based authentication and in my JSF books say nothing about login and security.
Examples for login with JSF use custom beans.
But I think that should not be necessary and even redundant since an authenticated user is automatically propagated through the application.

Is JSF really so poorly integrated with JAAS?
+Pie Number of slices to send: Send
JSF do not need a specfic JSF page to login by JAAS.

Check out these tutorials: http://uaihebert.com/?p=55 , http://uaihebert.com/?p=834
+Pie Number of slices to send: Send
The book "JAAS in Action" (you can get it at www.jaasbook.com) helped me a lot.
+Pie Number of slices to send: Send
The J2EE standard security system is Realm-independent. Whether you use JAAS, JDBC, LDAP or a custom Realm of your own, the web.xml settings and the login pages are unchanged. Only the webapp server itself knows or cares.

However, the login pages are not application pages (neither are a number of other pages defined in web.xml, such as error pages). Because these pages are presented by the server itself rather than by the webapp, they don't go through the normal processing channels. Specifically, they don't get routed through the FacesServlet, because these pages have no external URL. Without the FacesServlet, the JSF code and tags cannot function. Struts users have a similar problem.

For that reason, the login forms must be either straight HTML or simple (non-JSF) JSPs.

My login pages are very stark. The more functions and decorations you load a login page with, the greater is the likelihood that security will be compromised.
I'm a lumberjack and I'm okay, I sleep all night and work all day. Lumberjack ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com


reply
reply
This thread has been viewed 5799 times.
Similar Threads
Unable to get Authentication popup window
FORM atuthentication question
j_security_check 404 error
login authentication
Form-based Security
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 29, 2024 08:54:07.