Redirect after Realm authentication on Glassfish

◇◆丶佛笑我妖孽 提交于 2020-01-14 01:42:49

问题


I'm currently running a JPA/EJB/JSF application on Glassfish and using the security JDBC realm for authentication. The realm works pretty well, fulfilling the requirements, until the customer asked for a small change on the navigation.

Today, if you try to access a protected page, the authentication mechanism will redirect you to a login page specified in the web.xml. Perfect! Once the authentication is successful, you are redirected back to the page you were trying to access. Fair enough. However, the customer decided that after every successful authentication, the user should be redirected to the home page instead, no matter which page he/she was trying to access before. The question is, how can we change the realm in order to be redirected to a fixed page after every successful authentication?


回答1:


You can't. The container managed authentication doesn't allow that fine grained configuration (which is exactly why 3rd party authentication frameworks like Apache Shiro and Spring Security exist).

Your best bet is to replace the container managed login by a programmatic login. Change the <form action="j_security_check"> by a <h:form> which submits to a JSF action method like this

public void login() throws IOException {
    FacesContext context = FacesContext.getCurrentInstance();
    ExternalContext externalContext = context.getExternalContext();
    HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();

    try {
        request.login(username, password);
        externalContext.redirect(homepageURL);
    } catch (ServletException e) {
        context.addMessage(null, new FacesMessage("Unknown login"));
    }
}

See also:

  • Performing user authentication in Java EE / JSF using j_security_check


来源:https://stackoverflow.com/questions/14279453/redirect-after-realm-authentication-on-glassfish

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!