Java EE Security: Advanced Topics - The Java EE 6 Tutorial: Advanced Topics

Java Reference

In-Depth Information

Concepts , Java EE security defines the j_security_check action for login forms.

This allows the web container to authenticate users from many different web application

resources. Facelets forms, using the h:form , h:inputText , and h:inputSecret

tags, however, generate the action and input IDs automatically, which means developers

are unable to specify j_security_check as the form action, nor can they set the user

name and password input field IDs to j_username and j_password , respectively.

Using standard HTML form tags allows developers to specify the correct action and input

IDs for the form.

...

</form>

This form, however, doesn't have access to the features of a JavaServer Faces application,

such as automatic localization of strings and the use of templating to define the look and

feel of the pages. A standard HTML form, in combination with Facelets and HTML tags,

allows developers to use localized strings for the input field labels while still ensuring the

form uses standard Java EE security:

<h:outputLabel

for="j_username">#{bundle['login.username']}:</h:outputLabel>

<h:inputText id="j_username" size="20" />

<h:outputLabel

for="j_password">#{bundle['login.password']}:</h:outputLabel>

<h:inputSecret id="j_password" size="20"/>

</form>

Using a Managed Bean for Authentication in JavaServer Faces Applications

A managed bean can authenticate users of a JavaServer Faces application, which allows

regular Facelets form tags to be used instead of a mix of standard HTML and Facelets

tags. In this case, the managed bean defines login and logout methods, and Facelets

forms call these methods in the action attribute. The managed bean's methods call

the javax.servlet.http.HttpServletRequest.login and HttpSer-

vletRequest.logout methods to manage user authentication.

Search WWH ::

Custom Search

Home