Hi, Pradyut
The Glassfish programmatic login is done through the com.sun.appserv.security.ProgrammaticLogin class. It's fairly straightforward.
Let's say I have a realm named "test" set up through the admin console. I've set up users and groups, have the principal -> role mapping done in sun-web.xml, and have my roles defined in web.xml. As per usual.
Once you've gathered your username and password from a JSF login page, the following will do the login:
ProgrammaticLogin pm = new ProgrammaticLogin();
boolean loginSuccess = pm.login(username, password, "test", request, response, false);
"test" is my realm that I set up. "request" and "response" are the HttpServletRequest and HttpServletResponse that you get from FacesContext. This is so that when you call isUserInRole() or getUserPrincipal() they actually work, rather than returning null or false. There are other forms of login() that don't involve passing the request and response, but then it's either non-trivial (or impossible) to get this information.
That's all there is to it really. If login didn't succeed you can set a FacesMessage and go right back to your login page; if it was successful that's when you do your redirect to the real start page for your app. For example, something like
return loginSuccess ? "start" : null;
from the doLogin() JSF action (if using declared navigation in faces-config.xml, with a <redirect/> in your navigation case). Or the usual response.sendRedirect() + facesCtx.responseComplete().
So as you see, the realm (file, LDAP, JDBC, whatever) is most definitely involved in programmatic authentication.
You also need to grant permission for the programmatic security. For example, in order to get this little demo to work (I was curious, and I hadn't tried it on Glassfish until now), I put
grant codeBase "file:/Users/arveds/Development/NetBeansProjects/TestJSF2/build/web/-" {
    permission com.sun.appserv.security.ProgrammaticLoginPermission "login";
};
in my $GLASSFISH_INSTALL_LOC/domains/$CURRENT_DOMAIN/config/server.policy file. There's probably a more elegant way to do this, but I don't know it offhand.
As for cookies and realm security, I'm not sure what you mean.
Arved
[Message sent by forum member 'arveds' (arveds)]
http://forums.java.net/jive/thread.jspa?messageID=324593
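The steps Arved describes (gather credentials in a JSF action, call ProgrammaticLogin with the request and response, set a FacesMessage on failure, navigate on success), put together as one complete managed bean. This is an added example, not code from the post above or from GlassFish itself. It assumes a JSF 2 web application on GlassFish with the server.policy grant shown above in place; the realm name "test", the role name "user", the navigation outcome "start" and the bean name "loginBean" are placeholders taken from or chosen to match the post, and the String-password overload of login() is the one the post uses (GlassFish v3 also has a char[] overload). The only thing it adds beyond the post is the check, after a successful login, that the principal actually holds the application role, undoing the login if it does not.

```java
package example;

import java.security.Principal;

import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;      // JSF 2 annotations; with JSF 1.2 declare the bean in faces-config.xml
import javax.faces.bean.RequestScoped;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.sun.appserv.security.ProgrammaticLogin;

/**
 * Request-scoped so the submitted credentials live only for this one request.
 * Backing bean for a login page with #{loginBean.username}, #{loginBean.password}
 * and an action of #{loginBean.doLogin}. (Example code; names are assumptions.)
 */
@ManagedBean(name = "loginBean")
@RequestScoped
public class LoginBean {

    private static final String REALM = "test";         // realm created in the admin console (assumed name)
    private static final String REQUIRED_ROLE = "user"; // a role declared in web.xml and mapped in sun-web.xml (assumed)

    private String username;
    private String password;

    public String doLogin() {
        FacesContext ctx = FacesContext.getCurrentInstance();
        // Passing the real request/response is what makes getUserPrincipal()/isUserInRole()
        // return real values for the rest of this request instead of null/false.
        HttpServletRequest request = (HttpServletRequest) ctx.getExternalContext().getRequest();
        HttpServletResponse response = (HttpServletResponse) ctx.getExternalContext().getResponse();

        ProgrammaticLogin pm = new ProgrammaticLogin();
        boolean loginSuccess = false;
        try {
            // Last argument false: a bad password and a broken realm both come back as FALSE
            // rather than an exception. Pass true while debugging realm setup to see the cause.
            Boolean result = pm.login(username, password, REALM, request, response, false);
            loginSuccess = Boolean.TRUE.equals(result);
        } catch (Exception e) {
            loginSuccess = false;
        } finally {
            password = null; // do not keep the cleartext password around in the bean
        }

        if (!loginSuccess) {
            // One generic message for unknown user and wrong password: do not reveal which.
            ctx.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,
                    "Login failed", "Invalid username or password."));
            return null; // null outcome: JSF re-renders the login page with the message
        }

        // Authenticated; now confirm this principal is allowed into this application.
        Principal principal = request.getUserPrincipal();
        if (principal == null || !request.isUserInRole(REQUIRED_ROLE)) {
            try {
                pm.logout(request, response, false); // undo the container login we just did
            } catch (Exception ignored) {
                // nothing useful to do for the user beyond the message below
            }
            ctx.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,
                    "Access denied", "This account is not permitted to use this application."));
            return null;
        }

        // "start" is a navigation case in faces-config.xml with <redirect/>, so the
        // browser lands on the real start page with a fresh GET, not a re-POST.
        return "start";
    }

    public String doLogout() {
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpServletRequest request = (HttpServletRequest) ctx.getExternalContext().getRequest();
        HttpServletResponse response = (HttpServletResponse) ctx.getExternalContext().getResponse();
        try {
            new ProgrammaticLogin().logout(request, response, false);
        } catch (Exception ignored) {
        }
        return "login"; // assumed navigation case back to the login page
    }

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```

The role check after login is the practitioner's caveat: ProgrammaticLogin only authenticates against the realm, so a user who exists in the realm but belongs to no group mapped in sun-web.xml will log in successfully and still fail every isUserInRole() test; catching that here gives a clear message instead of a 403 on the next page. Remember that the com.sun.appserv.security.ProgrammaticLoginPermission grant in server.policy must cover the deployed application's code base, or the ProgrammaticLogin constructor or login() call will be refused under the security manager.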