User authentication using servlet 3.0 login in Jsf 2 not working
Trying to create an application with a login page and using the Servlet 3.0 login method. I have defined the realm in tomcat and configured web.xml accordingly. But when I try to access any page even login page, it does not get rendered and I can see JSF tags in the code. I don't know if I am missing something. Details are as follow Following is the what I have placed in web.xml.
<security-constraint>
<display-name>Restricted</display-name>
<web-resource-collection>
<web-resource-name>Restricted Area</web-resource-name>
<url-pattern>/faces/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</开发者_StackOverflowrole-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/index.xhtml</form-login-page>
<form-error-page>/index.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
Following is the realm defined in tomcat
<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost:3306/db_name?user=user&password=password"
userTable="users" userNameCol="username" userCredCol="userpass"
userRoleTable="user_roles" roleNameCol="rolename" digest="MD5"/>
The code for login is
public String login(){
HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
try {
//Login via the Servlet Context
request.login(username, password);
return "success";
} catch (ServletException e) {
FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "Invalid Login", null));
e.printStackTrace();
}
return "failure";
}
Let me know I am doing anything wrong
Update Thanks guys it started to work. I had to change some url mappings in the web.xml and rearrange folders for security settings. Currently It is working but now just having a weird issue. I have defined
<form-login-config>
<form-login-page>/index.xhtml</form-login-page>
<form-error-page>/index.xhtml</form-error-page>
</form-login-config>
And now web.xml show an error on
<form-login-page>
and complains that
Description Resource Path Location Type error: Attribute form-error-page references to /index.jsp that does not exist in web content web.xml /XXXX/WebContent/WEB-INF
I have no idea where this is coming from as I am not using any jsp file. Any clues
So, the FacesServlet has not been invoked. This means that the URL of the login page did not match the URL pattern of the FacesServlet as you've definied in web.xml. According to the URL pattern of your restricted area which is been set on /faces/*, I'll assume that it is the same URL pattern as you've definied for the FacesServlet.
So, fix it accordingly:
<form-login-page>/faces/index.xhtml</form-login-page>
<form-error-page>/faces/index.xhtml</form-error-page>
However, I would suggest to use a mapping of the FacesServlet on *.xhtml instead, so that you never need to worry about putting /faces in the path nor that the enduser would be able to see raw JSF source code whenever the enduser removes /faces from the URL in browser address bar.
Update: That's an IDE-specific validation error. The IDE which you're using is pretending to be smarter than it actually is. If your webapp runs and works fine, just ignore it. You can if necessary shut up the IDE XML validation in its preferences.
Set
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
in the web.xml and change (in the <security-constraint> section)
<url-pattern>/faces/*</url-pattern>
to
<url-pattern>/*</url-pattern>
加载中,请稍侯......
精彩评论