Fidel Alejandro Torrealba V

Greenhorn
+ Follow
since Apr 08, 2011
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
In last 30 days
0
Forums and Threads

Recent posts by Fidel Alejandro Torrealba V

Hi!!! Thank you so much for all your answers.

I took some days off... and did not reply this thread.

I just want to share my solution.

Basic authentication is bound to the browser, and once you have done login, should should close the browser to finish the logoff... what is not so elegant.

I changed to FORM authentication, creating my form, and posting the user information to a servlet who validates the user credentials against my realm, and this servlet redirect the user to either the application or to an error page. Obviously the proper configuration ifor security-constrain in web.xml have to be done.

I am sharing my solution here:

Login page:



My validation servlet method:


And the required part of the configuration file....


I hope this can be useful for someone else.

All the best,

Alejandro.

13 years ago
JSF
Hi, I havent found a real solution for this problem, even when it is really common...

I have this context:

- JSF application running on Glassfish Server v3.1, JDK6. All in my personal computer with WinVista (This last should not be important).
- Using SSL and Basic authentication (Security of the container)
- I have done my logout() method in my backing bean invalidating the session and sending a redirect.

I can not make the container show again the Login box to validate the user, and be able to change of user... And my user always can go back, pressing the BACK button in the browser or just writing the URL, and continue doing thnigs there when is supposed that there should not be a existing session.

I am getting the name of the user the my backing bean is created:



And I use this name to perform operations...

Then for logout my xhtml has the code:



That calls this method in my bean::



I am declaring my backing bean with:



...Also I was doing the redirect from the the deployment descriptor... and it was the same.

If I close the browser the the session is lost and the container ask me again for user/pass.

Any suggestions?

Thanks a lot!

Alejandro.
13 years ago
JSF