Pages

Sunday, June 05, 2011

JSF 1.2 Facelets Form Based Authentication (j_security_check)

Simple Login Screen
One of the common issues that comes up frequently is how to use form based authentication with JSF with j_security_check. This code example and NetBeans project demonstrate how to use JSF and facelets with various browsers. The code is simple and undecorated. I wanted to make sure it had the broadest browser compatibility.

Maven project: jsf12-login.zip

Note: If you test it with other browsers, please post a comment to let me know what it works on. The list below is what I have available to me.

Compatibility

  • Mozilla Firefox 4
  • Internet Explorer 8
  • Chrome 11
  • Safari 5
  • Opera 11

Note: The xhtml form below did not work on Internet Explorer 8 until I disabled the comments in the web.xml file. There is a comment in the file which also indicates that it is an issue with IE 8.

Note: The login.xhtml form uses an HTML based form and not a JSF <h:form /> tag.

login.xhtml


<?xml version="1.0" encoding="UTF-8"?>
<!--
 Copyright 2011 Blue Lotus Software, LLC.
 Copyright 2011 John Yeary.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 under the License.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://java.sun.com/jsf/html">
    <head>
        <title>Login</title>
    </head>
    <body>
        <form method="post" action="j_security_check" name="loginForm">
            <h:panelGrid columns="2">
                <h:outputLabel id="userNameLabel" for="j_username" value="#{msgs.username}:"/>
                <h:inputText id="j_username" autocomplete="off"/>
                <h:outputLabel id="passwordLabel" for="j_password" value="#{msgs.password}:"/>
                <h:inputSecret id="j_password" autocomplete="off"/>
                <h:commandButton type="submit" value="Login"/>
                <h:commandButton type="reset" value="Clear"/>
            </h:panelGrid>
        </form>
    </body>
</html>

SessionBean.java


/*
 *  Copyright 2011 Blue Lotus Software, LLC.
 *  Copyright 2011 John Yeary <jyeary@bluelotussoftware.com>.
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *  under the License.
 */
/*
 *  $Id:$
 */
package com.bluelotussoftware.example.jsf.login;

import java.io.Serializable;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpSession;

/**
 *
 * @author John Yeary <jyeary@bluelotussoftware.com>
 * @version 1.0
 */
public class SessionBean implements Serializable {

    private static final long serialVersionUID = 916055190609044881L;

    /**
     * Default constructor.
     */
    public SessionBean() {
    }

    /**
     * Logs the current user out by invalidating the session.
     * @return &quot;logout&quot; which is used by the {@literal faces-config.xml}
     * to redirect back to the {@literal index.xhtml} page.
     */
    public String logout() {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext externalContext = facesContext.getExternalContext();
        HttpSession session = (HttpSession) externalContext.getSession(false);
        session.invalidate();
        return "logout";
    }
}
Enhanced by Zemanta

1 comment:

  1. great article, me too always get error j_security_check not found in defualt tomcat installation examples protected

    ReplyDelete