Part 1 of this tutorial demonstrated how to implement a login module using JAAS + Tomcat 7. This next segment shows how to create a login form and call the login module.
Folder Structure:
/login.xhtml
/error.xhtml
/protected/index.html (protected via our web.xml file)
Simple JSF login page
The following is a simple form used to submit the username and password to a backing bean called loginBean. The form uses HTML5 passthrough elements, as well as built in JSF validators on the input fields. All errors are displayed using the h:messages output.
<h:form> <h3>Please sign in</h3> <h:inputText id="username" value="#{loginBean.username}" required="true" requiredMessage="Please enter your username" p:placeholder="Username" p:autofocus="true"> <f:validateLength maximum="50" minimum="3" /> </h:inputText> <h:inputSecret id="password" value="#{loginBean.password}" required="true" requiredMessage="Enter your password" p:placeholder="Password"> <f:validateLength maximum="20" minimum="3" /> </h:inputSecret> <h:messages/> <h:commandButton type="submit" value="Sign in" id="submit" action="#{loginBean.login()}"/> </h:form>
Calling the login module
Once the form passes validation the login() action is called. The login action uses the submitted username / password to request a login from the servlet container. This will call the login module created in part 1 of this tutorial. If the request.login() servlet request fails, it throws a LoginException which is caught in the form of a ServletException below. If the login succeeds then the user is redirected to the protected page.
@ManagedBean(name = "loginBean") @ViewScoped public class LoginBean implements Serializable { private static final long serialVersionUID = 1L; private String username; private String password; /** * * @return */ public String login() { try { // Get the current servlet request from the facesContext FacesContext ctx = FacesContext.getCurrentInstance(); HttpServletRequest request = (HttpServletRequest) ctx.getExternalContext().getRequest(); // Do login from the container (will call login module) request.login(username, password); return "/protected/index.xhtml?faces-redirect=true"; } catch (ServletException ex) { FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "An Error Occured: Login failed", null)); Logger.getLogger(LoginBean.class.getName()).log(Level.SEVERE, null, ex); } return "login.xhtml"; } /** * @return the username */ public String getUsername() { return username; } /** * @param username the username to set */ public void setUsername(String username) { this.username = username; } /** * @return the password */ public String getPassword() { return password; } /** * @param password the password to set */ public void setPassword(String password) { this.password = password; } }
This concludes the configuration and implementation of JAAS container managed security. The original working copy of the complete project is available on Github.