Piotr Swiecicki

hurrah!

azhar bharat wrote:

Piotr Swiecicki wrote:

Maybe I was not clear enough, but I was trying to say that it is possible and I have managed to achieve this without any difficulty. You can have fully working JSF page acting as a login page, like I have done.

Can you explain in detail how you did this.
let us say that i have a page called login.jsf
I have a jsf inputText(j_username) and inputSecret(j_password) and a commandButton (with action="j_security_check") in the form on the page.
Do I have to create a backing bean for these components?
I assume no navigation is required.

Ok, you cannot use h:form tag as it will render html form tag with action pointing to the current JSF view - and this conflicts with container based authentication requirements, as it required that login form is submitted to the j_security_check. So you have to use standard html form on the login page.

And obviously you can't add any validators to username/password fields - but I hope this is not what you want, after all you decided to use container based authentication, so it is the container who responsible for validating username/password, not your application, isn't it?

In my case login page looks like (it depends on template.xhtml template, which is not importat for this example I believe):
<?xml version="1.0" encoding="UTF-8"?> <ui:composition template="/template.xhtml" xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:c="http://java.sun.com/jstl/core" xmlns:a4j="http://richfaces.org/a4j" xmlns:rich="http://richfaces.org/rich"> <ui:define name="title"> <h:outputText value="#{authMsg['login.title']}"/> </ui:define> <ui:define name="body"> <rich:panel header="#{authMsg['login.title.login']}"> <table> <tbody> <tr> <td> <form method="POST" action="j_security_check" name="loginForm"> <table> <tbody> <tr> <td> <label for="username" class="mandatory">#{authMsg['login.label.username']}</label> </td> <td> <input id="username" type="text" name="j_username" title="#{authMsg['login.label.username']}" autocomplete="off" class="mandatory"/> </td> </tr> <tr> <td> <label for="password" class="mandatory">#{authMsg['login.label.password']}</label> </td> <td> <input id="password" type="password" name="j_password" title="#{authMsg['login.label.password']}" autocomplete="off" class="mandatory"/> </td> </tr> </tbody> </table> </form> </td> </tr> </tbody> </table> </rich:panel> </ui:define> </ui:composition>

azhar bharat wrote:Yes, I do understand that login page should have only login form etc..
But, I am not the one who takes decisions, the client does.

There are other JSF elements required on the page, and I need to use the JSF validations too.

Is this not possible? It seems strange that I cannot use security features along with JSF.

Maybe I was not clear enough, but I was trying to say that it is possible and I have managed to achieve this without any difficulty. You can have fully working JSF page acting as a login page, like I have done.

Tim Holloway wrote:You can't. Use a regular JSP for your login and loginfail pages.

Unlike the normal application webpages, container-based logins via forms are managed directly by the application container (Tomcat), and the infrastructure you need to run JSF isn't available.
....

I don't agree. Obviously the action of the login form has to be handled by container itself, so it can be only j_security_check servlet and it is not possible to inject any custom logic here. But still to render the login form and login form errors we can use whatever technology we want. I have just implemented a login page using JSF 1.2 and Facelets recently, it works properly in both Tomcat and Glassfish servers.

It is standard web application, with JSF and Facelets configured in standard way, and with the following configuration in the web.xml:
<security-constraint> <display-name>AuthenticatedUser</display-name> <web-resource-collection> ... </web-resource-collection> <auth-constraint> <description>authenticated user</description> <role-name>user</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>LotusLDAPRealm</realm-name> <form-login-config> <form-login-page>/login.xhtml</form-login-page> <form-error-page>/loginFailed.xhtml</form-error-page> </form-login-config> </login-config>

lynn fann wrote:call the method in the constructor of managed bean. so when the page is loaded, the method will be called.

or implement a method annotated with the @PostConstruct annotation, so the bean will have access to all injected resources.

Passed it too, thank you guys, without reading this forum it would be much more difficult.

<h:outputText value="#{myBean.myDate}"> <f:convertDateTime type="both" dateStyle="long"/> </h:outputText>

Have you tried dateStyle="full" instead?
http://java.sun.com/javase/6/docs/api/java/text/DateFormat.html

Hmmm...that means when I called the testing center they didn't book my test. BTW, how did you register the exam? Did you get any registration confirmation letter/code while calling the testing center?

I have registered a couple days ago using prometric website. As the colleague has replied already I have received confirmation email couple seconds later.

I am in India. I called many testing center. All have the same answer. I called Prometrics customer care. Then I got to know the fact. Is there anybody still able to write the exam?

I have my exam booked for 3.11.2008 in the UK, I hope it is still going to happen. When looking at the Sun's website:
http://www.sun.com/training/certification/netbeans.html
there is a message:

Registration for the Sun Certified Specialist Netbeans IDE beta exam has been CLOSED due to high demand and because the total number of registrations for this exam has been met. No further registrations are being taken at this time.

It only tells that the registration is closed, nothing that already booked exams are cancelled.

Yes, it sounds like relating to Acrobat/MSIE bug. The bug is caused by having spaces in the temporaty folder (like for example TMP="C:\Documents and Settings\User\Temp". The downloaded file is stored in that folder and passed to the acrobat executable in not quoted form, like this:
acrobat.exe C:\Documents and Settings\User\Temp\file.pdf

Invoked with such a command acrobat thinks it was passed 3 separate arguments "C:\Documents", "and" and "Settings\User\Temp\file.pdf" and complains about non existing file.

The workaround I am using for that is serve the files from a link. So in my app instead of sending the content type header and the pdf body I am sending html response with the link to generated document. The user then can click on the link and decide whether he wants to open it or save it. Fortunatelly the open option works in this approach, don't sure what the difference is (file is probably still saved in temp folder and passed to the acrobat executable as a parameter).

They are thread safe unless you not bind them to the session/application scope. In that case it may happen that 2 requests will operate on the same bean instance.

I expect next version of SCWCD would cover JSF, currently it put focus rather on JSP/Servlets
http://uk.sun.com/training/catalog/courses/CX-310-083.xml

Great, I have passed!

Sun Certified Enterprise Architect for the Java Platform, Enterprise Edition 5 Certified 12/21/07 12/21/07
12/21/07 Enrolled
12/21/07 Certified

Cite from http://en.wikipedia.org/wiki/Symmetric-key_algorithm:

Symmetric-key algorithms are generally much less computationally intensive than asymmetric key algorithms. In practice, asymmetric key algorithm are typically hundreds to thousands times slower than a symmetric key algorithm.

This explains why C is true.
And D is false because actually the asymmetric encryption is used during SSL handshake to exchange symmetric keys. The second part of the sentence D is true - symmetric keys are later used as such an encryption method is faster

congratulations! I got 80%, but I don't now how I manage to complete part II as I am involved in very busy project now