Https on JSF 2, for secure resources and login

Question

Https on JSF 2, for secure resources and login

I have a managed bean with 2 attributes: userName and password (with its corresponding retrieval and configuration methods) and a login() method that accesses the database to verify login credentials.

My question is: when the user clicks the "Login" button, the action must go through the https protocol. How can I achieve this with JSF 2?

In addition, if I want some Faces to be protected (via https), how can I achieve this? Is there a filter that allows me to do this?

Thanks in advance.

+7

java https jsf-2 servlet-filters

Buhake sindi Apr 1 '11 at 12:54

source share

1 answer

Matt handy · Accepted Answer · 2011-04-01T13:06:24+0000

You can define the security restriction in the web.xml of your application:

 <security-constraint> <web-resource-collection> <web-resource-name>SecureConnection</web-resource-name> <url-pattern>*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint/> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>

Adapt the url template to contain the login page and all other secure pages. The use of https is determined by the restriction of user data.

From the Java EE tutorial :

If you specify CONFIDENTIAL or INTEGRAL as a security restriction, this usually means that SSL is required and applies to all requests that match the URL patterns in the Internet resource collection, and not just the login dialog.

If you wrote your own login () method and use Glassfish, you can look at container-based authentication with JDBCRealm as an alternative login approach.

Https on JSF 2, for secure resources and login

More articles: