Form-based authentication and JSF

I am trying to use a form-based authentication in Tomcat 6, and from what I understand the page that contains the login form can not be a JSF page.
The problem I'm having with this is that I need the client's username and password accessible from my backing bean, but I don't know how to put them there from a standard JSP.
Before all this, I had a simple login form with username/password fields that were bound to a bean, and a button that executed a bean method that would perform the login procedure, retrieve the client's data from the DB and create a Client object in the session to be accessible throughout the application. Now, I need to use container managed access control with form-based authentication, and I know how to set it up but don't know how to create the Client object if the container does all the authentication and I never even get a hold of a username/password combination let alone the rest of the client's data.
Any advice on this would be greatly appreciated.

alf.redo wrote:
...following article: [j2ee_security_a_jsf_based_login_form|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form]
This is exactly the solution I am planning to use. It is good to know there are others who have decided to go that way.
Thanks

Similar Messages

  • Form based authentication in JSF

    Hi,
    I am using form based authentication in JSF .
    I am not able to display the JSF page.
    I have this security constraint in my web.xml
    <security-constraint>
    <display-name>Example Security Constraint</display-name>
    <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/jsp/WorkingZone.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>manager</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
    <form-login-page>/Login/login.jsp</form-login-page>
    <form-error-page>/Login/error.jsp</form-error-page>
    </form-login-config>
    </login-config>
    WorkingZone.jsp is a jsp page with JSF components.Which can only be invoked with faces context.
    I am using JDBCRealm
    For the valid user I am getting this error------>
    HTTP Status 400 - Invalid direct reference to form login page
    type Status report
    message Invalid direct reference to form login page
    description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
    Please give me the solution.How can I access my jsf page.

    Thank you.
    Marcos
    Hi,
    It should help you:
    http://searchsoftwarequality.techtarget.com/searchAppS
    ecurity/downloads/JSF_ch15.pdf
    Message was edited by:
    syllepsa

  • FORM Based Authentication and Browser Refreshing

    We are using FORM Based Authentication in our web application and it works rather well. I have noticed an interesting bit of behavior that I am unable to explain. After an attempt is made to access the first protected resource the container will display the login page specified in the web.xml file. After successful authentication the original protected resource is displayed as expected. In the Address line of the browser however the original URI requested is now replaced with the following:
    http://<domain>:<port>/<root>/j_security_check
    Now, when we hit the refresh button on the browser we get the following error:
    404 Not Found
    Resource /<domain>/j_security_check not found on this server
    Two questions. 1. why does it do this? and/or (more importantly) 2. How do I prevent this behavior or work around it?

    I�m trying to figure out how to pass the user�s ID
    and password, using form-based authentication and
    file realm, to our JDBC connection. Two separate issues.
    I've usually seen it done where there are three tiers, of course. The user provides login credentials from the view tier, which are passed to the controller tier. The controller will validate the user against a database or LDAP. Once they're validated, the credentials are put into session and provided for all apps that need them, including the persistence tier.
    The connection pool requires that you create connections using an application ID, not the user ID. You have to move the security out of the database and into the application.
    %

  • Issues with OSSO ,custom login module and form based authentication

    Hi:
    We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
    authentication and Custom login module.
    Application is going in infinite loop when we we try to login using osso ,from the logs
    what I got is looks like tha when we we try to login from OSSO application goes to the login
    page and it gets the remote user from request so it forwards it to the home page till now
    it is correct behaviour ,but after that It looks like home page find that authentication is
    not done and sends it back to the login page and login page again sends it to the home as it
    finds that remote user is not null.
    Our web.xml form authentication entry looks like this :
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/jsp/login.jsp</form-login-page>
    <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
    </form-login-config>
    </login-config>
    While entry in orion-application.xml has the following entry for custom login :
    <jazn provider="XML">
         <property name="custom.loginmodule.provider" value="true" />
    <property name="role.mapping.dynamic" value="true" />
    </jazn>
    Whether If I change the authentication type to BASIC and add the following line
    in orion-application.xml will solve the issue :
    <jazn provider="XML">
         <property name="custom.loginmodule.provider" value="true" />
    <property name="role.mapping.dynamic" value="true" />
    <jazn-web-app auth-method="SSO" >
    </jazn>
    Any help regarding it will be appreciated .
    Thanks
    Anil

    Hi:
    We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
    authentication and Custom login module.
    Application is going in infinite loop when we we try to login using osso ,from the logs
    what I got is looks like tha when we we try to login from OSSO application goes to the login
    page and it gets the remote user from request so it forwards it to the home page till now
    it is correct behaviour ,but after that It looks like home page find that authentication is
    not done and sends it back to the login page and login page again sends it to the home as it
    finds that remote user is not null.
    Our web.xml form authentication entry looks like this :
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/jsp/login.jsp</form-login-page>
    <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
    </form-login-config>
    </login-config>
    While entry in orion-application.xml has the following entry for custom login :
    <jazn provider="XML">
         <property name="custom.loginmodule.provider" value="true" />
    <property name="role.mapping.dynamic" value="true" />
    </jazn>
    Whether If I change the authentication type to BASIC and add the following line
    in orion-application.xml will solve the issue :
    <jazn provider="XML">
         <property name="custom.loginmodule.provider" value="true" />
    <property name="role.mapping.dynamic" value="true" />
    <jazn-web-app auth-method="SSO" >
    </jazn>
    Any help regarding it will be appreciated .
    Thanks
    Anil

  • Logout Functionality in Form Based Authentication Not Working Properly

    Hi All,
    I am using Form Based Authentication in ADF. In this I followed the following steps:-
    1.Login On Page.
    2.In successful login page ,copy the url
    3.Click on "Logout"
    4.Paste the url in login page and click enter
    5.System taking me back to that page where I can perform all the actions.
    But the Login operation should not happen just by entering the url. Please provide any help how to stop redirecting to my authenticated page just by typing the url. This is a big security constraint.Any Assistance to this is highly appreciated.
    Thanks & Regards
    Lovenish Garg

    Hi BaiG,
    For Login I am using the form based authentication and for logout here is my code:-
    public void logout() {
    ExternalContext ectx =
    FacesContext.getCurrentInstance().getExternalContext();
    HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
    HttpSession session = (HttpSession)ectx.getSession(false);
    session.invalidate();
    response.setHeader("Cache-Control", "no-cache");
    response.setHeader("expires", "0");
    response.setHeader("Pragma", "no-cache");
    try {
    response.sendRedirect("AdminLogin.html");
    } catch (IOException e) {
    logger.severe(e.getMessage());
    //Inform JSF to not take the response in hands
    FacesContext.getCurrentInstance().responseComplete();
    logger.info("session invalidated");
    Thanks,
    Lovenish Garg

  • Forms based authentication in sharepoint 2013 using custom membership provider

    I am developing  FBA  for SP2013 using custom membership provider using the following link 
    http://benredl.wordpress.com/2012/10/03/creating-forms-based-authentication-and-user-profiles-in-sharepoint-2013-using-custom-membership-and-role-providers-and-a-custom-user-profile-synchronization-utility/
    the feature i am trying to develop is that the user is created using a homegrown asp.net  application which uses sql server 
    and then When that user goes to SP2013 he should be able to login with the username and password created using the homegrown asp.net application 
    my questions are following 
    If I follow the article in the link should i be taking the assembly(dll) and deploying it to GAC or will VS2013 automatically do it
    Do I have to implement  FindUserByEmail and FindUserByName methods ?
    if the connectionstring for an asp.net application is in the web.config file  where would the connection for the sqlserver go if this application is for SharePoint 
    TIA

    Hi TIA,
    try this it contains the code for you and it is ready
    http://sharepoint2013fba.codeplex.com/
    Kind Regards, John Naguib Technical Consultant/Architect MCITP, MCPD, MCTS, MCT, TOGAF 9 Foundation

  • Form based authentication - users stored in db.

    I must use form based authentication and the users are stored in an oracle table.
    How can I configure OC4J to get this thing working ?
    I have search some days on the internet and came up with nothing ... Oracle seems to be offering so much security options that I don't know what to choose from.
    A simple example should be welcome ...
    Please help, I'm really getting desperate ...
    Thanks a lot in advance !

    Hi Partner:
    I'm having the some problem as you
    configuring a JDBC security.
    I yo have found some useful solution please
    let me know.
    Thank you.
    Roger.
    [email protected]
    [email protected]

  • Manager password in tomcat for form based authentication

    Hi all,
    I have a jsp using form based authentication.I have set up the web.xml,server.xml and created my database with the various users and roles but when i try to deploy the application,it as for the manger username/password and when i enter what i have in the database it refuses to connect.
    Anyone has any idea what i might be doiing wrong?
    Thans in advance

    Hi,
    I'm a little confused. You wanted to know how to configure Tomcat for form based authentication, and I sent you an article on how to do that. Is there something more you need from me? You had offered 10 duke dollars for this post, and if there is more I can do I will help for the remaining amount, but I can't help you getting access to the Tomcat *.xml file.

  • Configuring tomcat for form based authentication-help badly needed

    hi , i want to have form based or some other way of authentication for the users comming to my site , i have access only to web.xml , but in tomcat documentations its giveni need to change server.xml and tomcat-user.xml , can i make these changes on web.xml to implement it or please tell me way out of this please , i tried even jguard but it needs changes in jvm which also not into my access

    Hi,
    I'm a little confused. You wanted to know how to configure Tomcat for form based authentication, and I sent you an article on how to do that. Is there something more you need from me? You had offered 10 duke dollars for this post, and if there is more I can do I will help for the remaining amount, but I can't help you getting access to the Tomcat *.xml file.

  • Form based authentication very slow

    Hi,
    We are facing problem in form based login authentication. Any application having a form based authentication is taking too much time.
    We are running SAP J2EE Server 6.40 with SP16.
    The database and the J2EE server are in a single machine.
    The basic authentication does not show up any problem.
    The form based takes up too much amount of time but does go through.
    What can be the problem?
    Regards,
    Ameya

    Hi Ameya,
    if form based authentication is working fine for you then please send me complete step by step procedure or any document if you have any as i configured everything required for form based authentication and when i provide any of the .jsp page in the url i am not getting the login page. please help me as soon as possible

  • Get user and user-roles in form based authentication

    How do I get user and roles associated with the user in my bean for "form based authentication".
    regards,
    nirvan.

    HttpServletRequest#getUserPrincipal().
    This has nothing to do with JSF. Form based authentication is part of Servlet spec.
    In JSF you can get the HttpServletRequest by ExternalContext#getRequest().

  • SP4 and Form Based Authentication

    Hi,
    I had just advised a customer to apply SP4 to WLS and
    then plug in the 'source code' patch, he replied that he had
    been informed that SP4 breaks Form Based Authentication for
    war web apps?
    Can anyone confirm/deny this for me please ?
    regards,
         Patrick.

    Hehe Hiya Patrick!, that was Me! seems we use the same hot source of info :)
    Cheers
    Rob :)
    "Patrick Byrne" <[email protected]> wrote in message
    news:[email protected]..
    Hi,
    I had just advised a customer to apply SP4 to WLS and
    then plug in the 'source code' patch, he replied that he had
    been informed that SP4 breaks Form Based Authentication for
    war web apps?
    Can anyone confirm/deny this for me please ?
    regards,
    Patrick.

  • Can you enable both Windows Based Authentication and Forms Based Authenication for the same web application?

    Hello Community
        In WS2012 and SharePoint 2013 Server is it possible when creating a
    web application to enable both Windows Based Authentication/Negotiate
    (Kerberos) and enable Forms Based Authentication or does the web application
    use either one or the other?
        Thank you
        Shabeaut 

    Yes , you can use dual authentication on same web application. You can use same web application , at OOB login page you will have option to use windows or form login.
    Or you can extend your web application to a new web app and configure extended web application to use Form Based Authentication(Note extended web application will also show same content database , so the content will same only url will be different)
    http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx
    http://gj80blogtech.blogspot.in/2013/11/forms-based-authentication-fba-in.html
    Thanks
    Ganesh Jat [My Blog |
    LinkedIn | Twitter ]
    Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

  • Form based authentication getting logged in username and role

    Hi
    I have implemented a simple Form based authentication in my web site.
    I have maintained tomcat-users.xml file for user names, passwords and roles.
    Once my user is authenticated, I need to access his name and role in website.
    How can this be done.
    Please guide.
    Thanks

    The request object should contain the information, e.g. use request.getRemoteUser().

  • MOBI SSO with trusted authentication and form based authentication

    Dear All,
    I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:
    - SAP BI 4.1 SP04
    - Trusted authentication with HTTP header configurred for BI Launchpad and working fine.
    Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.
    And
    Provide our app users their X502 certs.
    1. Will the above approach work ??
    2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??
    I would appreciate your valuable inputs.
    Regards,
    Sarvjot Singh

    Hi,
    According to your post, my understanding is that you want to know the difference of the SharePoint three type user authentications.
    Windows claims-based authentication uses your existing Windows authentication provider (Active Directory Domain Services [AD DS]) to validate the credentials of connecting clients. Use this authentication to allow AD DS-based accounts access to SharePoint
    resources. Authentication methods include NTLM, Kerberos, and Basic.
    Forms-based authentication can be used against credentials that are stored in an authentication provider that is available through the ASP.NET interface
    SAML token-based authentication in SharePoint 2013 requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment.
    There is a good article contains all the SharePoint Authentications, including how they work and how to configure.
    http://sp77.blogspot.com/2014/02/authentication-in-sharepoint-2013_5.html#.VFcyQ_mUfkJ
    Thanks & Regards,
    Jason
    Jason Guo
    TechNet Community Support

Maybe you are looking for

  • CRM Analytics - User Authorization Not Suficient

    Hi Guys, We have implemented the CRM analytics report, however when I access the menu Sales Pro in CRM and try to open the report Closed Opportunities, I get the error : User Authorization not sufficient. If I open the error I get the message : Diagn

  • jsp:getProperty.... in a taglib-tag ???

    Hi ! I have taglib where I have defined a lots of classes and one of them I have a attribute who should be dynamic. I have tryed this: <easyTagz:submit iteration='<jsp:getProperty name='submission' property='maxCount'/>' /> but it dosen`t seem to wor

  • Creating tables with a long datatype

    I'm trying to create a table which is a copy of a table (and its contents) which has a long datatype column. I've got an error on the usual create table temp_XXXXX as select * from temp; statement. Any ideas please

  • Trouble with HTML5 site loading on phone

    I'm not very experienced, so this is probably a simple fix. What I'm experiencing is this: I've used an HTML5 template, worked up my content in Dreamweaver CC and published it. It loads and looks great on my desktop browser and on my tablet (iPad), b

  • How to copy files from TC to another TC with ethernet

    Hello. I bought a new 3 TB Time Capsule and I need to transfer almost 2 TB in files from my old Time Capsule. Using wireless says it will take more than a week... is there any other option? maybe ethernet? or do you know a faster way to do that? I've