I have a requirement to develop and form based login module using JSF 1.2. However, I am unable to understand like how to specify the success page in the navigation case. Below code snippet would help in understanding the issue. I am using Tomcat server for development.
If I access any protected resource like myhome.faces, initially I am pointed to login.faces to enter username and password and once authenticated I will be landed to myhome.jsp page. However, in case I enter wrong credentials, since I pointed it again back to login.faces with error as query string, I am landed to same page displaying error message. Below us my login.jsp
Below are my questions. Please help me.
1. In case of error credentials, I am directed to http://localhost:8080/sampleapps/j_security_check with error message, again when entering correct credentials, I am directed back to login.faces and not to index.faces.
2. I am using JSF 1.2. how can I direct to success page or failure page in this scenario as it is done in springs/struts.
When you use the J2EE Container-Managed security subsystem, you do not "Develop a login module". The "login module" is an integral part of the web application server. There are No User Servicable Parts inside. That is a large part of why it is so secure.
There isn't much point in attempting to write the login or loginfail pages in JSF, because of this. In many cases, the web application server cannot properly manage login or welcome pages in JSF in any event, since those pages do not have an actual external URL (j_security_check, for example, does not target a resource, it simply maintains the login conversation). And more critically, the webapp server (container) may not support routing such requests through the FacesServlet. Container-dispatched web pages work best when they are straight HTML or simple JSP.
Login in the J2EE security system does not support a post-login page, and I'm actually glad it does not, since a lot of times I bookmark critical URLs and I have no patience with navigating a lot of useless stuff if what I want is located at a specific bookmarkable URL. The J2EE container system will intercept requests to those URLs, and present a login screen if I am not already logged in, then proceed to send me directly to the page I want.
Sometimes the only way things ever got fixed is because people became uncomfortable.
Heroic work plunger man. Please allow me to introduce you to this tiny ad:
Free, earth friendly heat - from the CodeRanch trailboss