Comments on: Authentication in JSF2 with JAAS: Part 2 – Authenticating a client/user

By: Dominik Dorn

Dominik Dorn — Tue, 07 Jun 2011 14:46:57 +0000

the action has to be relative to the webapp-context root, e.g. action=”#{request.contextPath}/j_security_logout”

By: Paulo

Paulo — Tue, 07 Jun 2011 14:41:31 +0000

Thanks for this tutorial but when i create a form with action=”j_security_logout”, the user is not really logout. Have you any idea about this problem ?

By: Dominik Dorn

Dominik Dorn — Fri, 24 Sep 2010 19:41:40 +0000

Thanks SundjerBob for the comment.
Actually it has to be #{request.contextPath}/j_security_check as it would otherwise not work with rewritten urls. If adapted the post to reflect this change.

By: SundjerBob

SundjerBob — Fri, 24 Sep 2010 13:22:22 +0000

Hi,
For all of you who haven’t lost 3 hours on this yet,
instead of

action=”/j_security_check”

in form tag,
goes

action=”j_security_check”

thanks for the tutorial

By: Vinnie

Vinnie — Sun, 19 Sep 2010 05:45:51 +0000

Great post. I’m developing a JSF app and looking for JSF security example.
I’m waiting for your next part 3. Please share your best experience with JSF security. Thank you.

By: Wikisky

Wikisky — Mon, 19 Jul 2010 16:54:45 +0000

Great post. Is there any hope for next part?
Thanks

By: Dominik Dorn

Dominik Dorn — Thu, 24 Jun 2010 10:59:57 +0000

@Vitor: Thats essentially what Seam Faces, which is led by my friend Lincoln Baxter, III., does: it provides a Producer-Method for certain things like FacesContext, HttpServletRequest, etc.

Take a look at http://seamframework.org/Seam3/FacesModule

After including it into your webapp, you could simply use
@Inject HttpServletRequest request;
in your beans.

By: Vítor Souza

Vítor Souza — Mon, 21 Jun 2010 14:13:55 +0000

I tried defining an HttpServletRequest property in my EJB with the @Resource annotation but it didn’t work. I didn’t try other CDI annotations (e.g. @Inject). I ended up getting it from the context:

HttpServletRequest request = (HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();

I also added catches for NullPointerException and ClassCastException to show user-friendly messages in case something goes bad…

Anyways, I’ll wait for your next post to see how you do it.\

Thanks again!
Vítor

By: Attila

Attila — Sun, 20 Jun 2010 22:34:28 +0000

Hi!
Nice tutorial, I’m also waiting for part 3

By: Dominik Dorn

Dominik Dorn — Wed, 16 Jun 2010 13:30:17 +0000

@Vitor:

Currently I’m always injecting the HttpServletRequest into a CDI bean, calling request.login(username, password) there. if that does not throw an exception, I store additional stuff in the (Http)session.

But sure, will blog about that too.