In this example, I use JSF 2.x to perform the same kind of login. The code is very similar, but the logout method has been simplified in JSF 2. There is no need to get the `HttpSession` object to invalidate the session. Here is my comment from the previous article.

One of the common issues that comes up frequently is how to use form-based authentication with JSF with `j_security_check`. This code example and NetBeans project demonstrate how to use JSF and Facelets with various browsers. The code is simple and undecorated. I wanted to make sure it had the broadest browser compatibility.
Maven project: jsf2-login.zip
Note: If you test it with other browsers, please post a comment to let me know what it works on. The list below is what I have available to me.
Compatibility
- Mozilla Firefox 4
- Internet Explorer 8
- Chrome 11
- Safari 5
- Opera 11
Note: The xhtml form below did not work on Internet Explorer 8 until I disabled the comments in the `web.xml` file. There is a comment in the file which also indicates that it is an issue with IE 8.

Note: The `login.xhtml` form uses an HTML based form and not a JSF `<h:form />` tag.

login.xhtml
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
 Copyright 2011 Blue Lotus Software, LLC.
 Copyright 2011 John Yeary.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 under the License.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://java.sun.com/jsf/html">
    <head>
        <title>Login</title>
    </head>
    <body>
        <form method="post" action="j_security_check" name="loginForm">
            <h:panelGrid columns="2">
                <h:outputLabel id="userNameLabel" for="j_username" value="#{msgs.username}:"/>
                <h:inputText id="j_username" autocomplete="off" />
                <h:outputLabel id="passwordLabel" for="j_password" value="#{msgs.password}:"/>
                <h:inputSecret id="j_password" autocomplete="off"/>
                <div/>
                <h:panelGroup>
                    <h:commandButton type="submit" value="Login"/>
                    <h:commandButton type="reset" value="Clear"/>
                </h:panelGroup>
            </h:panelGrid>
        </form>
    </body>
</html>
```
SessionBean.java
```java
/*
 * Copyright 2011 Blue Lotus Software, LLC.
 * Copyright 2011 John Yeary <jyeary@bluelotussoftware.com>.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * under the License.
 */
/*
 * $Id:$
 */
package com.bluelotussoftware.example.jsf.login;

import java.io.Serializable;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;

/**
 *
 * @author John Yeary <jyeary@bluelotussoftware.com>
 * @version 1.0
 */
@ManagedBean
@SessionScoped
public class SessionBean implements Serializable {

    private static final long serialVersionUID = 916055190609044881L;

    /**
     * Default constructor.
     */
    public SessionBean() {
    }

    /**
     * Logs the current user out by invalidating the session.
     * @return "logout" which is used by the {@literal faces-config.xml}
     * to redirect back to the {@literal index.xhtml} page.
     */
    public String logout() {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext externalContext = facesContext.getExternalContext();
        externalContext.invalidateSession();
        return "logout";
    }
}
```
truly interesting stuff!
Forms
What are the login credentials to test out the feature? I'm looking through any config while within the project, can't find any.
I want to trace the behavior on successful login
The example uses the Apache Tomcat security mechanism. You need to configure the tomcat-users.xml file for the user and roles you want to allow access.