I'm trying to use HttpServletRequest.login with form based authentication.
All is ok (the container tells if login/password are good), except that after the user has entered his login, I don't know how to redirect the user to the protected page he asked for (the login form is redisplayed). How to do that?
Thanks in advance for your help.
The code:
web.xml:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>security</realm-name>
<form-login-config>
<form-login-page>/faces/loginwithlogin.xhtml</form-login-page>
<form-error-page>/faces/noaut.xhtml</form-error-page>
</form-login-config>
</login-config>
Page loginwithlogin.xhtml
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core">
<h:head>
<title>Authentication</title>
</h:head>
<h:body>
<h:form>
Login :
<h:inputText value="#{login.login}" required="true" />
<p/>
Mot de passe :
<h:inputSecret value="#{login.password}" required="true" />
<p/>
<h:commandButton value="Connexion" action="#{login.submit}">
<f:ajax execute="@form" render="@form" />
</h:commandButton>
<h:messages />
</h:form>
</h:body>
</html>
Update: without Ajax it does not work.
Backing bean:
@Named
@SessionScoped
public class Login implements Serializable {
private String login;
private String password;
// getters and setters
...
public void submit() {
FacesContext context = FacesContext.getCurrentInstance();
HttpServletRequest request =
(HttpServletRequest) context.getExternalContext().getRequest();
try {
request.login(login, mdp);
context.addMessage(null,
new FacesMessage(FacesMessage.SEVERITY_INFO,
"OK", null));
} catch (ServletException e) {
context.addMessage(null,
new FacesMessage(FacesMessage.SEVERITY_ERROR,
"Bad login", null));
}
}
}
In case of container managed form based authentication, the login page is under the covers opened by a RequestDispatcher#forward()
and the original request URI is therefore available as a request attribute with the name as identified by RequestDispatcher#FORWARD_REQUEST_URI
. Request attributes (basically, the request scope) is in JSF available by ExternalContext#getRequestMap()
.
Thus, this should do:
private String requestedURI;
@PostConstruct
public void init() {
requestedURI = FacesContext.getCurrentInstance().getExternalContext()
.getRequestMap().get(RequestDispatcher.FORWARD_REQUEST_URI);
if (requestedURI == null) {
requestedURI = "some/default/home.xhtml";
}
}
public void submit() throws IOException {
// ...
try {
request.login(username, password);
externalContext.redirect(requestedURI);
} catch (ServletException e) {
context.addMessage(null,
new FacesMessage(FacesMessage.SEVERITY_ERROR,
"Bad login", null));
}
}
You only need to make the bean @ViewScoped
(JSF) or @ConversationScoped
(CDI) instead of @SessionScoped
(and absolutely not @RequestScoped
; otherwise a different approach needs to be used with <f:param>
and <f:viewParam>
).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With