Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

SSO Login:How to redirect to login page

 
subodh joshi
Ranch Hand
Posts: 56
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have write a SSO class for Single Sign on But i am getting one issue i am using JSF2 for my web application...here is my SSO class


As you can see i have write below line



It mean if User null it will redirect to Login page but it is not working Can any one tell me how to solve the issue i am end up with

An error has occurred.

For detailed error information, please see the HTML source code, and contact the forum Administrator.

Error while executing SSO actions: java.lang.NullPointerException
 
Tim Holloway
Bartender
Posts: 18419
60
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you have written your own login manage I cannot help you. Too much would depend on how you designed it. And, for the record, user-designed login managers have a near-100% record of being insecure, whether SSO or no.

If you are using the J2EE standard container-managed security sytem, logins are handled by the web application server, not by the web application. In that case, incoming URLs are scanned against the security patterns defined in the webapp's web.xml file, and if there's a match requiring a logged-in user, the seccurity manager steps in.

The first thing that the security manager does is determine whether the user is already logged in. If so, then it proceeds to check the user's assigned security roles against the roles allowed to make that URL request. Otherwise, the original URL request is placed on hold and the container displays the login page, accepts input from it, and validates the user's credentials. If they fail, the loginfail page is displayed. Otherwise the original URL request is pulled off hold, the security roles are checked, and - if the roles are acceptable - the request gets passed to the application for it to process.

There's really no difference between SSO and non-SSO security using the container security system other than that the container is configured to use an SSO security provider, such as CAS.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!