Skip to main content

[webtier] jsf login page

7 replies [Last post]
Anonymous

Hi folks,

I configured form based authentication against a jdbc realm in GF v3.0.1. Currently, I'm using the j_security_check action with plain HTML, but I'd like to use jsf. Is there anything I need to consider to make this work?

Thanks,
Theo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: users-help@glassfish.dev.java.net

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
rjdkolb
Offline
Joined: 2006-07-20

Hi Theodor

I have found the best way is write a JSF login page the way you want to.
Then add a Action on the login page to redirect to your main page or throw a SecurityException.

http://it-result.me/servlet-3-programmatic-authentication-api/

regards
Richard

Theodor Richard

Hello Richard,

thanks for the link. Does that mean I have to check for every page whether
the current user is authenticated and redirect to the login page if it's not
the case?

Regards,
Theo

On Tue, Jun 29, 2010 at 10:54 AM, wrote:

> Hi Theodor
>
> I have found the best way is write a JSF login page the way you want to.
> Then add a Action on the login page to redirect to your main page or throw
> a SecurityException.
>
>
> http://it-result.me/servlet-3-programmatic-authentication-api/
>
> regards
> Richard
> [Message sent by forum member 'rjdkolb']
>
> http://forums.java.net/jive/thread.jspa?messageID=476260
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
> For additional commands, e-mail: users-help@glassfish.dev.java.net
>
>
[att1.html]

rjdkolb
Offline
Joined: 2006-07-20

Hi Theodor

> thanks for the link. Does that mean I have to check for every page whether
the current user is authenticated and redirect to the login page if it's not
the case?

No :) It happens in your session. You just need to assign role based access to your system.

So users with role admin can browse /admin/
But users with role normal_users can not browse /admin/

Or users with role admin can only call abcObject.getCurrentUsers(); with getCurrentUsers() as an annotation @RolesAllowed("admin")

The are some very nice articles on "Container based Authentication". NetBeans also has cool wizards to help you with the sun-web.xml
It's JavaEE's way of saving you time and money.

Hope this helps
Richard.

Theodor Richard

Thanks Richard,

I'll definitely try this out.

I love the way how Java EE tries to ease the development process and saves
time and money. But so far, that's all in theory to me. In practice, you end
up spending a lot of time getting your app work in Glassfish. And that's
really time consuming, even for non complex applications.

Regards,
Birol

On Thu, Jul 1, 2010 at 1:53 PM, wrote:

> Hi Theodor
>
> > thanks for the link. Does that mean I have to check for every page
> whether
> the current user is authenticated and redirect to the login page if it's
> not
> the case?
>
> No :) It happens in your session. You just need to assign role based access
> to your system.
>
> So users with role admin can browse /admin/
> But users with role normal_users can not browse /admin/
>
> Or users with role admin can only call abcObject.getCurrentUsers(); with
> getCurrentUsers() as an annotation @RolesAllowed("admin")
>
> The are some very nice articles on "Container based Authentication".
> NetBeans also has cool wizards to help you with the sun-web.xml
> It's JavaEE's way of saving you time and money.
>
> Hope this helps
> Richard.
> [Message sent by forum member 'rjdkolb']
>
> http://forums.java.net/jive/thread.jspa?messageID=476504
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
> For additional commands, e-mail: users-help@glassfish.dev.java.net
>
>
[att1.html]

rjdkolb
Offline
Joined: 2006-07-20

Hi Birol

> I love the way how Java EE tries to ease the development process and saves
> time and money. But so far, that's all in theory to me. In practice, you end
> up spending a lot of time getting your app work in Glassfish. And that's
> really time consuming, even for non complex applications.

Yes, I have been though this cycle many times trying out 'new' things that are supposed to help in soon to be production applications. It wastes time, and you have to google over and over to get something working. After you deploy your app into production you realize you implemented it incorrectly or inconsistency.

My advice ; Make architectural prototypes for your software.
Example if you are making many CRUD type components in your application, make one example app with one or two CRUD's that interact with a live database. Once you have worked out the kinks and requested comments from other developers make it the standard for your application/s. Other developers on the project must conform to this method. If you find a flaw in the prototype, fix it in the prototype and propagate back into your application.

Implementing a MVC .NET webpage with all of Microsoft's new patterns and LinQ also has similar problems trust me.
Learning while you are coding it a bad idea and is risky.

Oh, by the way, this is not my idea.
It's from the 'Sun Certified Enterprise Architect for Java EE Study Guide'. I really recommend it.

And another tip from this book.
Q : What is the difference between a senior developer and a Architect ?
A : A senior developer worries about what happens when a button is clicked. An Architect wonders what will happen when a 1000 users click the button.

regards
Richard.

Theodor Richard

On Fri, Jul 2, 2010 at 9:04 AM, wrote:

> Hi Birol
>
> > I love the way how Java EE tries to ease the development process and
> saves
> > time and money. But so far, that's all in theory to me. In practice, you
> end
> > up spending a lot of time getting your app work in Glassfish. And that's
> > really time consuming, even for non complex applications.
>
> Yes, I have been though this cycle many times trying out 'new' things that
> are supposed to help in soon to be production applications. It wastes time,
> and you have to google over and over to get something working. After you
> deploy your app into production you realize you implemented it incorrectly
> or inconsistency.
>
> My advice ; Make architectural prototypes for your software.
> Example if you are making many CRUD type components in your application,
> make one example app with one or two CRUD's that interact with a live
> database. Once you have worked out the kinks and requested comments from
> other developers make it the standard for your application/s. Other
> developers on the project must conform to this method. If you find a flaw in
> the prototype, fix it in the prototype and propagate back into your
> application.
>
> Implementing a MVC .NET webpage with all of Microsoft's new patterns and
> LinQ also has similar problems trust me.
> Learning while you are coding it a bad idea and is risky.
>

Thanks a lot for the advice. I'm wondering whether this is because of
glassfish (what causes me headaches), since it's an open-source reference
implementation. I don't know whether GF has the same maturity for production
use like other open source projects. Once there's a commercial alternative
that supports JEE 6 (e.g. IBM WebSphere), I'll have a look at it, as well.

>
>
> Oh, by the way, this is not my idea.
> It's from the 'Sun Certified Enterprise Architect for Java EE Study Guide'.
> I really recommend it.
>
> And another tip from this book.
> Q : What is the difference between a senior developer and a Architect ?
> A : A senior developer worries about what happens when a button is clicked.
> An Architect wonders what will happen when a 1000 users click the button.
>

:) I ordered the book and will start reading it. Thanks!

>
>
> regards
> Richard.
> [Message sent by forum member 'rjdkolb']
>
> http://forums.java.net/jive/thread.jspa?messageID=476616
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
> For additional commands, e-mail: users-help@glassfish.dev.java.net
>
>
[att1.html]

rjdkolb
Offline
Joined: 2006-07-20

Hi Theodor

> Thanks a lot for the advice. I'm wondering whether this is because of
> glassfish (what causes me headaches), since it's an open-source reference
> implementation. I don't know whether GF has the same maturity for production
> use like other open source projects. Once there's a commercial alternative
> that supports JEE 6 (e.g. IBM WebSphere), I'll have a look at it, as well.

This is a good questions, especially with Oracle taking over Sun.
Oracle GlassFish is a full production server. You can choose, $1000 per CPU per year
It's the same software, so you should really have an enterprise experience.

I am now one of the FishCAT test leads for Oracle GlassFish.
It's a community driven program.
Have a look. http://wiki.glassfish.java.net/Wiki.jsp?page=FishCAT

If you find issues please email the quality mailing list :
quality@glassfish.dev.java.net
The people there are friendly :)

We are looking for new FishCAT members, so please join

> :) I ordered the book and will start reading it. Thanks!

My pleasure, it's really a wonderful read :)

regards
Richard