Skip to main content

Security. Form-based auth. using jdbc in JSF application(configuring web.xml)

2 replies [Last post]
netter
Offline
Joined: 2010-12-17
Points: 0

Good day, community.
I have a JSF web application.
There is a database that contains information about users(login, passwords, roles).
First table is 'Accounts' and consists of acc_id, acc_login, acc_password.
Second table is 'AccountRoles'- r_acc_id, r_role_id.
Third table is 'Roles' - role_id, role_name.
I need to have a web authorisation there. so that when opening the url of the app I want a simple page to appear. This page(XHTML) should have two inputs(login, password) and a submit button.
and after the user types the information and presses the button, my web-application should check if such user exists and what is his role.

i'm using the glassfish server 3.0.1, netbeans 6.9.1.
in the admin console of the glassfish server I configured the connection pool to my DB(the ping-check returned success), the connection resource and created the Security REALM.
this REALM name I use to put in web.xml in the Security section.
the realm name is secRealm. And I'm sure it's OK.
Now added to web.xml:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>secRealm</realm-name>
<form-login-config>
<form-login-page>faces/login.xhtml</form-login-page>
<form-error-page>faces/error.xhtml</form-error-page>
</form-login-config>
</login-config>

What should I do next? How to configure the web.xml further? and What should i place in login.xhtml and error.xhtml to make it work?
Please, help..

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
fisheri
Offline
Joined: 2010-12-23
Points: 0

Hi Netter,
I have the same problem as you.
Did you find the solution?. I am looking around in order to solve it but still anything.
You can answer me in fisheri360@gmail.com
Thanks in advance

fisheri
Offline
Joined: 2010-12-23
Points: 0

Hi Netter,
I found this link that I think it could be useful:
http://blogs.sun.com/enterprisetechtips/entry/improving_jsf_security_con...
My problem is that I dont know how a user is assigned a role when login. I do not know where this listener looks at to check which role has each user.
thanks