JSF authentication

Similar Messages

• JSF Authentication using Oracle XE

  Hi,
  I would like to know which is the Easiest way to make a Login Page very similar to the one described in this Tutorial:
  http://www.oracle.com/technology/obe/obe1013jdev/jsfintro/jsfintro.htm
  but authenticating Login from an Oracle XE Database Table. A very simple one, for example one that simply has two fields: user and password.
  A step by step guide would be certainly appreciated.
  Thanks in advance.

  Thank you very much sir.
  Well, that article seems very much complex to be honest, I am not familiar with JAAS, and some other technologies described there, I have to stick to JSF only in my case.
  If it's not much asking I just would like to know, If there's a way to retrieve the user and the password directly from the table, AFTER I have created an appropiate connection to the selected database which contains the USERS table.
  Once I have done that, Which Objects would be neccesary to create? and what code do I need to put in the backing bean to authenticate from the Database the values in the Input Text corresponding to the user and password?

• Authentication in JSF 2.0

  I could use some advise... I've been trying to implement authentication in a JSF 2.0 web application and I've not been completely successful. I'm using NetBeans 6.8 and GlassFish v3. Here is what I would like:
  1) Use container managed security with a JDBC realm. Users who register via the web app will end up as users in the table that is used to authenticate access to the web app
  2) I want to use role-base authorization that I can specify in my web.xml file as [described in the JEE 6 tutorial.|http://java.sun.com/javaee/6/docs/tutorial/doc/bnbxj.html#bnbxu]. Thus, I'd like to secure JSF pages as well as managed bean actions.
  3) My web app uses EJB's that are secured using the [EJB annotations as described in the JEE 6 tutorial|http://java.sun.com/javaee/6/docs/tutorial/doc/bnbyl.html#gjgcq]. My understanding is that the credentials from the web app are propagated to the EJB's, so I should not need to do anything, other than catch exceptions whenever the EJB is being accessed by an unauthorized role.
  4) Ideally, I'd like to use a JSF form to request username/password from a user. I know the JSF form cannot directly post the information to the container's security mechanism (i.e. j_security_check action). While I've found some ways to do it, none are really satisfactory, so I've had to just use a plain HTML form.
  5) I could do it [authentication programmatically as explained in the JEE 6 tutorial|http://java.sun.com/javaee/6/docs/tutorial/doc/gjiie.html]. Unfortunately, the tutorial shows how to do this from a Servlet and not from JSF. In particular, I could invoke the HttpServletRequest#login method, but its result does not enter a session and thus I cannot continue to use container managed authorization past the request. If I use HttpServletRequest#authenticate, then this will force the container to present the login form I specify in web.xml and the credentials will be in the session.
  6) FYI, I've tried to implement an authentication a Filter but the URL requests that come from a JSF 2.0 app just do not correspond to what I'm looking for in the filter. That is, if I have a directory named secured where I keep JSF pages to be accessed only by authenticated users, I set up a Filter to look for these requests and it does not behave as expected (or at least the way it behaves when I use it with JSP)
  I hope someone here can help me find the resources so I can implement this. I've Googled many times and most of what I'm finding is incomplete. I'd greatly appreciate anyone's help and guidance in this. FYI... some students are counting on me to deliver a solution to this! I did not think it would be difficult, but it has turned out to be that way.
  Thanks for reading this far!
  Alvaro

  Hello Ed. I have your JSF 2.0 book now. I download and tried the authentication example that you have on chapter 14. Unfortunately, authorization is not working as I would expect it. Here are the specifics:
  1) I'm running it on GlassFish v3
  2) According to the web.xml, you create two security constraints. One on /trainer/*** requests to be accessed only by users with role of trainer. Another on the /user/*** requests to be accessed only by users with role of user
  3) Whenever I try this app, I can access that pages without ever being authenticated (i.e. without logging in). I can access them by entering the URL's, say: http://localhost:8080/formBasedLogin/faces/user/userPage.xhtml
  This is the problem I've been having whenever I try to do authorization. For some reason, either the URL is not matching the pattern specified or it gets rewritten by JSF 2.0 in some way?
  Update: I'll leave the above comments, but I was able to get your example working by changing the URL patterns to: /faces/user/*** and /faces/trainer/*** Is this an error in the sample code or should the pattern you provide still work?
  Update 2: It seems that I've now figured out that there is a difference on whether I use an outputLink or a commandLink. I need to read more about this. In any case, the URL patterns do match requests that are specified as an outputLink, but not when they are specified by a commandLink -- in this case, JSF uses JavaScript to make the request to some resource which does not match the pattern. It looks like I was just using commandLink before whereas I should have been using outputLink.

• Using j_security_check container authentication with JSF

  Hi All,
  After quite a bit of looking around, we resorted to using a plain login JSP page with a ServletFilter on j_security_check to have container managed authentication in our JSF based web-site using IBM Websphere 5.1
  So, basically every other page but the login page is JSF and just the login page is simple JSP with j_username & j_password.
  Recently, I started looking in the direction of trying to directly/programmatically invoke j_security_check using URLConnection object. There are various discussions on this on google groups:
  1. http://groups-beta.google.com/group/comp.lang.java.programmer/browse_thread/thread/1a2768da559e43ae/243982a33f02ab80?q=URLConnection%20j_security_check&_done=/groups?q=URLConnection%20j_security_check&hl=en&lr=&sa=N&tab=wg&&_doneTitle=Back%20to%20Search&d=&
  2. http://groups-beta.google.com/group/weblogic.developer.interest.security/browse_thread/thread/a375370efec24566/b81dc8320bcbc304?q=URLConnection+j_security_check&_done=%2Fgroups%3Fq%3DURLConnection+j_security_check%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg%26&_doneTitle=Back+to+Search&&d#b81dc8320bcbc304
  My current code snippet is as follows:     public String submit(){
            String retVal = "";
            String j_username = getUserId().getValue().toString();
            String j_password = getPassword().getValue().toString();
            ExternalContext externalContext = getFacesContext().getExternalContext();
            String jsessionid = ((HttpSession)externalContext.getSession(false)).getId();          
            // Only if sanity checks and validations on j_username & j_password pass, proceed further.
            ApplicationParameter.getLogger().debug("Current jsessionid=" + jsessionid);
            ApplicationParameter.getLogger().debug("submitting login details (userId: " + j_username + " & password: " + j_password + ") to /j_security_check ...");
            try {
                 URL jSecurityCheckURL = new URL("http://localhost:9080/raweb/j_security_check;jsessionid=0000" + jsessionid + ":-1&j_username=" + j_username + "&j_password" + j_password);
                 HttpURLConnection jSecurityCheckURLConnection = (HttpURLConnection)jSecurityCheckURL.openConnection();
                 jSecurityCheckURLConnection.setRequestMethod("POST");
                 jSecurityCheckURLConnection.setInstanceFollowRedirects(false);
  //               jSecurityCheckURLConnection.addRequestProperty("j_username", j_username);
  //               jSecurityCheckURLConnection.addRequestProperty("j_password", j_password);
  //               jSecurityCheckURLConnection.setRequestProperty("j_username", j_username);
  //               jSecurityCheckURLConnection.setRequestProperty("j_password", j_password);
                 jSecurityCheckURLConnection.connect();
                 ApplicationParameter.getLogger().debug("j_security_check returned: " + jSecurityCheckURLConnection.getResponseCode() + ": " + jSecurityCheckURLConnection.getResponseCode());
                 if (null != externalContext) {
                      String remoteUser = externalContext.getRemoteUser();
                      ApplicationParameter.getLogger().debug("Authenticated username: " + remoteUser);
                      HttpServletRequest httpServletRequest = (HttpServletRequest)externalContext.getRequest();
                      Principal principal = httpServletRequest.getUserPrincipal();
                      if (null != principal) {
                           String userName = principal.getName();
                           ApplicationParameter.getLogger().debug("Authenticated username: " + userName);
                 } else {
                      ApplicationParameter.getLogger().debug("Unable to obtain Faces ExternalContext and hence the remote user details.");
            } catch (MalformedURLException ex) {
                 ApplicationParameter.getLogger().error(ex);
                 retVal = "";
            } catch (IOException ex) {
                 ApplicationParameter.getLogger().error(ex);
                 retVal = "";
            return retVal;
  The above code yields the following output:[DEBUG]: (Newlogin.submit:81) - Current jsessionid=H1QMk3TuyW_W8nSPnOtW-xi
  [DEBUG]: (Newlogin.submit:82) - submitting login details (userId: skhanna & password: password) to /j_security_check ...
  [DEBUG]: (Newlogin.submit:93) - j_security_check returned: 302: 302
  [DEBUG]: (Newlogin.submit:97) - Authenticated username: null
  Anyone have any idea why j_security_check returns 302 and also the authenticated username seems to be null indicating that the authentication did not go through!
  -Sandeep Khanna

  Can you help me!
  I try this for two days....
  Tomcat 5.0.27
  I get this:
  Current jsessionid=00F61ABF316F9A1676A41A1EA05177B2
  Submitting login details (userId: admin & password: admin) to /j_security_check!
  java.net.ConnectException: Connection refused: connect
  I have this code in backing bean:
  import java.net.HttpURLConnection;
  import java.net.MalformedURLException;
  import java.net.URL;
  import java.security.Principal;
  import javax.faces.context.ExternalContext;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpSession;
  public String commandButton_action()
  String retVal = "";
  String j_username = inputText1.getValue().toString();
  String j_password = this.inputSecret1.getValue().toString();
  URL jSecurityCheckURL = null;
  HttpURLConnection jSecurityCheckURLConnection = null;
  ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
  String jsessionid = ((HttpSession)externalContext.getSession(false)).getId();
  System.out.println("Current jsessionid=" + jsessionid);
  System.out.println("Submitting login details (userId: " + j_username + " & password: " + j_password + ") to /j_security_check!");
  try {
  jSecurityCheckURL = new URL("http://localhost:9080/raweb/j_security_check;jsessionid=0000" + jsessionid + ":-1&j_username=" + j_username + "&j_password=" + j_password);
  jSecurityCheckURLConnection = (HttpURLConnection)jSecurityCheckURL.openConnection();
  jSecurityCheckURLConnection.setRequestMethod("POST");
  jSecurityCheckURLConnection.setInstanceFollowRedirects(false);
  jSecurityCheckURLConnection.connect();
  System.out.println("j_security_check returned: " + jSecurityCheckURLConnection.getResponseCode());
  //System.out.println("Current jsessionid=" + jsessionid);
  if (null != externalContext) {
  String remoteUser = externalContext.getRemoteUser();
  System.out.println("Authenticated username: " + remoteUser);
  HttpServletRequest httpServletRequest = (HttpServletRequest)externalContext.getRequest();
  Principal principal = httpServletRequest.getUserPrincipal();
  if (null != principal) {
  String userName = principal.getName();
  System.out.println("Authenticated username: " + userName);
  } else {
  System.out.println("Unable to obtain Faces ExternalContext and hence the remote user details.");
  catch (MalformedURLException ex) {
  System.out.println(ex);
  jSecurityCheckURL = null;
  jSecurityCheckURLConnection = null;
  retVal = "";
  catch (IOException ex) {
  System.out.println(ex);
  jSecurityCheckURL = null;
  jSecurityCheckURLConnection = null;
  retVal = "";
  return retVal;
  I try all this URL:
  http://localhost:8080/jSecurityCheck/j_security_check?jsessionid=" + jsessionid + "&j_username=" + j_username + "&j_password=" + j_password
  http://localhost:9080/raweb/j_security_check;jsessionid=0000" + jsessionid + ":-1&j_username=" + j_username + "&j_password=" + j_password
  TWO DAYS ..... H E L P M E !!!

• Dynamic User Authentication in JSF, ADF BC Application

  I have developed a JSF, ADF BC Application using JDeveloper 10.1.3.3. My application consists of jspx pages and I also have to integrate some existing oracle forms with it using OraFormsFaces library.
  I have successfully used custom DBProcLogin Module by Frank to authenticate the users with the help of a stored procedure and user credentials stored in database tables.
  During integrating Oracle Forms I realised that some of these oracle forms use get_application_property(username) to retreive connected user information. All of the users which are stored in database tables are also oracle users with the same credentials as stored in database tables. The existing oracle forms based application was connecting to Oracle every time with different provided user credentials each time and therefore returning correct (required) user name information.
  Now since I have used DBProcLogin Module in new ADF application, when I run it, user is successfully authenticated but get_application_property(username) in the existing oracle forms returns the user name that application module is using to connect with the database. To make it work correctly, I want my ADF application to connect to oracle database with different user each time.
  I have searched and seen topics such as, Dynamic JDBC Credentials, Database Proxy Users etc. But I am confused with the width and depth of this much information available. Therefore, I thought I may get some advice from the experts present in the forum that which of the techniques will go best with my application.
  Keeping in view the scenario that I have provided, can someone please guide me to the best suitable technique and the related information/documentation?
  Thanks in advance,
  Amir

  Hi,
  the whitepaper you reference is written by the expert on this subject. Samples are posted by the same author: http://radio.weblogs.com/0118231/stories/2004/09/23/notYetDocumentedAdfSampleApplications.html
  Note that what you try to do will create a dedicated connection for Forms and ADF, which means that 100 users will have 200 database connections open.
  Frank

• How to Create User ,Group ,Role in Jsf and Give  differ authentication to e

  Hi i am working in java server faces .
  i trying to create roles ,user with different abilities .
  Like one is normal user, admin , they have different abilities,
  i need that abilities on bases of module,form,field like Drupal like CMS they provide.
  So how to do that think in JSF plz help

  You can use one of the various ways Java EE provides you, e.g. container managed authentication.
  It's also all in the Java EE tutorial: [http://java.sun.com/javaee/5/docs/tutorial/doc/bncas.html].
  You can configure it in the application server as well: [http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html].
  Here is an example how to use it in JSF: [http://ocpsoft.com/java/acegi-spring-security-jsf-login-page/].

• Standard Authentication in JSF

  well i have a basic doubt of what is stanard authentication in JSF...
  well i use jsf and sdo...i use data objects and check whether username exists....
  i dont know what is standard authentication??
  how do i do that in JSF RAD....???
  how do i protect the pages based on Roles....
  (i can see options for roles in web.xml in RAD) but i am not in a position to use it...
  please help me to understand
  thanks...

  I've never heard of the term 'SDO'. Don't you mean 'SSO'?
  At least, what you described about the web.xml is just container based authentication. <security-constraint> and so on.
  Anyway, is it a job? Talk with your manager/lead about your skills. You're really in a deep hole now. You appears to be in lack of basic Java EE knowledge. This is not a good idea. Ask him for books and courses and take time to learn the basics and concepts properly. Another hint may be: don't use the visual drag'n'drop editor of RAD. Just switch to Java EE mode and write code by hand. Otherwise you will get lost when you need to solve a simple technical problem in between all of those autogenerated code garbage.

• Authorization and Authentication using filters in jsf aplication

  Hello,
  I need some valuable suggestions to develop a jsf application for users to login where they be Authenticated and Authorized to go to other applications using filters . I am using websphere application server 6.0.
  and need to share sesion data across application.
  Please let me know some existing application or example to look into.
  Thanks in advance. :)

  javafullinto wrote:
  All the requests that are to a particlar folder must be authenticated and once authenticated they must be logged in until they logout or close the browser.
  How can I do this using filters.Just check if the user is logged in and handle accordingly. If the user is not logged in, then redirect the request to the login page or so. If the user is logged in, then continue with request.
  Pseudo:doFilter() {
      if (user is not logged in) {
          redirect to login page;
      } else {
          proceed with request;
  }And map this filter on an url-pattern covering the secured pages. Fairly simple.

• Authentication / authorization in jsf

  hi all!
  how can I perform a authentication/authorization system in jsf?
  Last time i've checked the user form and created a userBean in session scope,if the user is valid.
  how can I check if the user is logged and witch page he try to retrieve,for every url?
  do you know of any on line resources on this?
  thanks a lot
  Luca

  hi all!
  how can I perform a authentication/authorization system in jsf?
  Last time i've checked the user form and created a userBean in session scope,if the user is valid.
  how can I check if the user is logged and witch page he try to retrieve,for every url?
  do you know of any on line resources on this?
  thanks a lot
  Luca

• Authenticating user in JSF from PHP portal (Joomla)

  Hi there!
  Here, where I work, there's a portal in php (Joomla) where all users gets authenticated.
  I made an application using jsf and the protection to some pages, from anonymous access, is done by JSF Filters, but the users needs to login twice (Joomla and JSF).
  I need to avoid the redundant authentication.
  I found this solution: http://www.nuwanbando.com/?p=72, but modifying Joomla pages is not an option for me.
  Please, someone can comment about some possible solutions that I can use?
  Thank you in advance!
  Flávio Henrique

  There are many possible solutions, but you would need to figure out how to make the JSF pages secure by disabling authentication for the JSF pages. You could do this with some template that only displays the pages if something else is provided like some parameter passed to the JSF side, but that gets risky. Really what you are needing is single sign on feature that works between technologies. I would imagine you would really need some kind of federated authentication server that both PHP and JSF talk to and that both would share a single session id of some type. - Ponderator
  Edited by: Ponderator on Mar 20, 2009 1:45 PM

• Form based authentication in JSF

  Hi,
  I am using form based authentication in JSF .
  I am not able to display the JSF page.
  I have this security constraint in my web.xml
  <security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>Protected Area</web-resource-name>
  <url-pattern>/jsp/WorkingZone.jsp</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>manager</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
  <form-login-page>/Login/login.jsp</form-login-page>
  <form-error-page>/Login/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  WorkingZone.jsp is a jsp page with JSF components.Which can only be invoked with faces context.
  I am using JDBCRealm
  For the valid user I am getting this error------>
  HTTP Status 400 - Invalid direct reference to form login page
  type Status report
  message Invalid direct reference to form login page
  description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
  Please give me the solution.How can I access my jsf page.

  Thank you.
  Marcos
  Hi,
  It should help you:
  http://searchsoftwarequality.techtarget.com/searchAppS
  ecurity/downloads/JSF_ch15.pdf
  Message was edited by:
  syllepsa

• Form-based authentication and JSF

  I am trying to use a form-based authentication in Tomcat 6, and from what I understand the page that contains the login form can not be a JSF page.
  The problem I'm having with this is that I need the client's username and password accessible from my backing bean, but I don't know how to put them there from a standard JSP.
  Before all this, I had a simple login form with username/password fields that were bound to a bean, and a button that executed a bean method that would perform the login procedure, retrieve the client's data from the DB and create a Client object in the session to be accessible throughout the application. Now, I need to use container managed access control with form-based authentication, and I know how to set it up but don't know how to create the Client object if the container does all the authentication and I never even get a hold of a username/password combination let alone the rest of the client's data.
  Any advice on this would be greatly appreciated.

  alf.redo wrote:
  ...following article: [j2ee_security_a_jsf_based_login_form|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form]
  This is exactly the solution I am planning to use. It is good to know there are others who have decided to go that way.
  Thanks

• JSF + Acegi + Spring error after sucessful authentication

  I use JSF like presentation layer in my Spring application, and acegi to manage the security.
  When the aplication try to authenticate a user and it sucess, the AbstractProcessingFilter do a response.sendRedirect(response.encodeRedirectURL(t argetUrl)); i've verified that the target url is the rigth one, it's supposed that after sucessfuly authenticated the user be redirected to the targetUrl specificated to the AuthenticationFilter, but instead it trows an Exception:
  javax.servlet.ServletException: Cannot find FacesContext
  at org.apache.jasper.runtime.PageContextImpl.doHandle PageException(PageContextImpl.java:848)
  This is my faces navigation rules:
  <navigation-rule>
  <from-view-id>/welcome.jsp</from-view-id>
  <navigation-case>
  <from-outcome>otra</from-outcome>
  <to-view-id>/secured.jsp</to-view-id>
  <redirect/>
  </navigation-case>
  </navigation-rule>
  and this is the targetUrl that the AuthenticationFilter redirect to:
  http://localhost:8080/MyApplication/secured.jsp
  The user try to navigate from wellcome.jsp to secured.jsp, and then the acegi filters engine intercept the recuest, redirect to the authentication page, the user authenticate sucessfuly and the acegi filters send back the user to the original url, the targetUrl, and then the exception...
  I think this is caused by the fact that there is not a faces context created when the AuthenticationFilter finish its work and return to the filter chain, and the filter chain finish too and try to return to the original thread of execution; like the filter is the first that manage the request, there is no faces context created and then the exception come in.
  Is this correct? how can i aboid this difficulty?
  Why this is happening? There is some kind of incompatibility between acegi and jsf?
  I'll appreciate very much your answer.
  Message was edited by:
  maykell

  ideas yeah, solution, ... maybe
  Do you run the stuff as the local administrator, not a domain administrator.
  Use runas administrator
  Any option to take machine temporary out of the domain?
  What does CSCOpx\bin\resolver.pl think of your hostname?
  If you try this URL  https://server_IP_obfuscated/cwportal/group/lms/lms-monitoring rather then relying on the redirect after the login.
  Does that make any difference?
  Tried firefox and IE? supported old version?
  Cheers,
  Michel

• Can not upload image of larger size in jsf

  i had some issues in file uploading. File uploading is working fine in my local machine and when i am using the www.mywebsite.com:8080/fileUpload.jsf
  but i can not upload images by using the following www.mywebsite.com/fileUpload.jsf
  Ie: without the port. I am using windows server and tomcat 5.5.27
  When i am trying to upload a bigger size image i am getting the following error
  I am using jsf(tomahawk)
  09:10:47,315 ERROR MultipartRequestWrapper:? - Exception while uploading file.
  org.apache.commons.fileupload.FileUploadException: Processing of multipart/form-data request failed. Socket read failed
  at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:384)
  at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:268)
  at org.apache.myfaces.webapp.filter.MultipartRequestWrapper.parseRequest(MultipartRequestWrapper.java:85)
  at org.apache.myfaces.webapp.filter.MultipartRequestWrapper.getParameter(MultipartRequestWrapper.java:181)
  at org.apache.myfaces.context.servlet.RequestParameterMap.getAttribute(RequestParameterMap.java:42)
  at org.apache.myfaces.context.servlet.AbstractAttributeMap.get(AbstractAttributeMap.java:91)
  at org.apache.myfaces.renderkit.html.HtmlResponseStateManager.getTreeStructureToRestore(HtmlResponseStateManager.java:159)
  at org.apache.myfaces.application.jsp.JspStateManagerImpl.getSequenceString(JspStateManagerImpl.java:260)
  at org.apache.myfaces.application.jsp.JspStateManagerImpl.restoreTreeStructure(JspStateManagerImpl.java:230)
  at org.apache.myfaces.application.jsp.JspStateManagerImpl.restoreView(JspStateManagerImpl.java:267)
  at org.apache.myfaces.application.jsp.JspViewHandlerImpl.restoreView(JspViewHandlerImpl.java:231)
  at org.apache.myfaces.lifecycle.RestoreViewExecutor.execute(RestoreViewExecutor.java:81)
  at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
  at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
  at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:100)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
  at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
  at com.zerone.rrs.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:100)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
  at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:444)
  at org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:472)
  at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1286)
  at java.lang.Thread.run(Unknown Source)

  Never mind . problem solved after i restarted

• Need a login strategy for JSF application

  I have inherited a JSF application (prototype) and need to modify this application to require a user login. Right now, the application requires a login only for a sub-portion of the application, well after JSF is up and running. That has to change to require the login before the JSF application is invoked.
  Basically, what I want to do is present a standard login form (user name, password, and "submit" button). This information will be sent to "j_security_check" where the servlet engine will validate the user against an LDAP server and then look up some user role information. I have no control over user authentication. Once the user has logged in, the application will be looking at user roles to determine what elements of the JSF application they are permitted to access.
  In addition, I need to be able to detect when the user's session has expired. When this occurs, I need to automatically reroute the user back to the login page. The prototype I inherited currently has all of the JSF backing beans check to see if the Session is still valid before executing any actions. This seems rather tedious and error-prone to me.
  I am not very familiar with security and user authentication issues (somebody else always wrote that part). I think the approach I need to take is: (1) create a login page. (2) create a login error page. (3) create a filter to check to see if the user's session has expired and, if so, re-route the request to the login page.
  My questions:
  1. Is this the best approach? If not , what is a better approach?
  2. Can I use JSF elements for the various login pages, or do I need to use JSP or HTML elements only?
  3. Can you point me to an example or tutorial that explains what I need to do?
  I've looked at a couple of servlet books, a JSF book, and Sun's online Java tutorials, but I don't see anything that looks quite like what I think I need to do here.
  Once I get passed security handling, the rest of the application is all JSF and will be easy to build.
  Thanks for your thoughts, comments, and assistance.

  I have three macs and use one of them as the TM backup destination (that mac has 4 large external disks, I devote one disk at a TM backup for each of the macs) - that mac is also the file server. (I do also use an externally attached HD on one of the other macs as redundancy.) The system works very well and when set up requires no administration, it's automatic! Since the backups are made hourly, I have fresher data than my old system of doing nightly backups using a traditional backup app.
  I even had to do a full restore last week on one of the macs and found the process worked flawlessly, had the mac up and running after the 2 hour restore finished.
  For critical data (business or professional) I also recommend doing occasional boot disk backups using another backup app. I do that with one of my macs. Note: although I have wireless capability with each mac, I use wired Ethernet connections for speed and reliability.