Java Reference
In-Depth Information
HttpServetRequest request = (HttpServletRequest)
context.getExternalContext().getRequest();
try {
request.logout();
} catch (ServletException e) {
...
context.addMessage(null, new FacesMessage("Logout failed."));
}
}
}
The Facelets form then calls these methods for user login and logout.
<h:form>
<h:outputLabel for="usernameInput">
#{bundle['login.username']:
</h:outputLabel>
<h:inputText id="usernameInput" value="#{loginBean.username}"
required="true" />
<br />
<h:outputLabel for="passwordInput">
#{bundle['login.password']:
</h:outputLabel>
<h:inputSecret id="passwordInput" value="#{loginBean.password}"
required="true" />
<br />
<h:commandButton value="${bundle['login.submit']"
action="#{loginBean.login}" />
</h:form>
Using the JDBC Realm for User Authentication
An authentication realm, sometimes called a
security policy domain
or
security domain
, is
a scope over which an application server defines and enforces a common security policy.
A realm contains a collection of users, who may or may not be assigned to a group.
GlassFish Server comes preconfigured with the file, certificate, and administration realms.
An administrator can also set up LDAP, JDBC, digest, or custom realms.
An application can specify in its deployment descriptor which realm to use. If the applic-
ation does not specify a realm, GlassFish Server uses its default realm, the file realm. If
an application specifies that a JDBC realm is to be used for user authentication,GlassFish
Server will retrieve user credentials from a database. The application server uses the data-
base information and the enabled JDBC realm option in the configuration file.
