Witam
Znalazłem ciekawy tutorial
http://jugojava.blogspot.com/2011/02/jdbc-security-realm-with-glassfish-and.html
JAAS.
Próbowałem zastosować do testowej aplikacji, niestety nie można się wcale zalogować, tj. zawsze kieruje na stronę niezalogowani.xhtml.
Myślę, że może to być problem z którymś z plików:
- index.xhtml
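<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Login page for container-managed FORM authentication; web.xml names this
     view as the form-login-page. -->
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://java.sun.com/jsf/html">
    <h:head>
        <title>JsfSecurityRealm1</title>
    </h:head>
    <h:body>
        JsfSecurityRealm1
        <!-- Plain HTML form rather than h:form: the servlet container itself
             handles the POST to j_security_check and reads the j_username and
             j_password request parameters, so the field names must stay
             exactly as written. -->
        <!-- NOTE(review): the credentials travel in the request body and
             nothing on this page forces HTTPS; confirm the deployment only
             serves this form over TLS. -->
        <form method="post" action="j_security_check">
            <h:panelGrid columns="2">
                <!-- The inputs carry ids matching the labels' "for" values so
                     that each rendered label has an element to point at; the
                     original inputs had only a name. -->
                <h:outputLabel for="j_username" value="Username" />
                <input type="text" id="j_username" name="j_username" />
                <h:outputLabel for="j_password" value="Password" />
                <input type="password" id="j_password" name="j_password" />
                <!-- Empty cell keeps the buttons in the second column. -->
                <h:outputText value="" />
                <h:panelGrid columns="2">
                    <input type="submit" name="submit" value="Login" />
                    <h:button outcome="index" value="Cancel" />
                </h:panelGrid>
            </h:panelGrid>
        </form>
        <!-- Disabled bean-based login attempt, kept as posted. -->
        <!--<h:form>
        <h:panelGrid>
        <h:inputText id="login" value="{credentials.login}"/>
        <h:inputSecret id="pass" value="{credentials.pass}"/>
        </h:panelGrid>
        <h:commandButton value="Zaloguj" action="{securityControler.Zaloguj(credentials.login, credentials.pass)}"/>
        </h:form>-->
    </h:body>
</html>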
- faces-config.xml
<faces-config version="2.0"
              xmlns="http://java.sun.com/xml/ns/javaee"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd">

    <!-- Session-scoped model beans: one instance per HTTP session. -->
    <managed-bean>
        <managed-bean-name>groups</managed-bean-name>
        <managed-bean-class>model.Groups</managed-bean-class>
        <managed-bean-scope>session</managed-bean-scope>
    </managed-bean>

    <!-- NOTE(review): the disabled form in index.xhtml binds credentials.pass
         to this bean. If model.Credentials stores the password, session scope
         keeps it in memory for the whole session; request scope would limit
         that. Confirm against the class, which is not shown here. -->
    <managed-bean>
        <managed-bean-name>credentials</managed-bean-name>
        <managed-bean-class>model.Credentials</managed-bean-class>
        <managed-bean-scope>session</managed-bean-scope>
    </managed-bean>

    <managed-bean>
        <managed-bean-name>persons</managed-bean-name>
        <managed-bean-class>model.Persons</managed-bean-class>
        <managed-bean-scope>session</managed-bean-scope>
    </managed-bean>

    <managed-bean>
        <managed-bean-name>securityControler</managed-bean-name>
        <managed-bean-class>model.SecurityControler</managed-bean-class>
        <managed-bean-scope>session</managed-bean-scope>
    </managed-bean>

    <!-- Disabled navigation for the earlier bean-based login, kept as posted.
         With FORM authentication the container picks the target page, so
         these outcomes are not used. -->
    <!--<navigation-rule>
    <from-view-id>/index.xhtml</from-view-id>
    <navigation-case>
    <from-outcome>Porazka</from-outcome>
    <to-view-id>/niezalogowany.xhtml</to-view-id>
    </navigation-case>
    <navigation-case>
    <from-outcome>Sukces</from-outcome>
    <to-view-id>/zalogowani/zalogowany.xhtml</to-view-id>
    </navigation-case>
    </navigation-rule>-->

    <!-- Request-scoped bean exposing the logout action. -->
    <managed-bean>
        <managed-bean-name>authBackingBean</managed-bean-name>
        <managed-bean-class>model.AuthBackingBean</managed-bean-class>
        <managed-bean-scope>request</managed-bean-scope>
    </managed-bean>

</faces-config>
- AuthBackingBean.java
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package model;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.faces.context.FacesContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
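/**
 * JSF backing bean that ends the current user's container-managed login.
 */
public class AuthBackingBean {

    private static final Logger log = Logger.getLogger(AuthBackingBean.class.getName());

    /** Creates a new instance of AuthBackingBean */
    public AuthBackingBean() {
    }

    /**
     * Logs the current user out through the Servlet 3.0 API and discards the
     * HTTP session.
     *
     * @return the navigation outcome: a redirect to {@code index} on success,
     *         or a redirect to {@code /loginError} when the container reports
     *         a {@link ServletException} during logout
     */
    public String logout() {
        String result = "index?faces-redirect=true";
        FacesContext context = FacesContext.getCurrentInstance();
        HttpServletRequest request =
                (HttpServletRequest) context.getExternalContext().getRequest();
        try {
            request.logout();
            // request.logout() only clears the authenticated identity. The
            // HttpSession, and with it every session-scoped managed bean,
            // would otherwise survive and be visible to whoever uses the same
            // session next, so the session is dropped as part of logout.
            context.getExternalContext().invalidateSession();
        } catch (ServletException e) {
            log.log(Level.SEVERE, "Failed to logout user!", e);
            result = "/loginError?faces-redirect=true";
        }
        return result;
    }
}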
- web.xml
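<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 3.0 deployment descriptor: FORM login against an application
     server realm, one protected area, and the JSF servlet mapping. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

    <!-- NOTE(review): Development stage enables verbose JSF diagnostics;
         switch to Production before the application is exposed. -->
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>

    <!-- Container-managed FORM authentication. The realm name has to match a
         realm configured in the application server. -->
    <!-- NOTE(review): the post says the passwords are stored as MD5 digests.
         The realm's digest algorithm and encoding settings must match how the
         stored values were produced, otherwise every login fails; MD5 is also
         too weak for password storage. Confirm both in the realm setup. -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>jdbc_JsfSecurityRealm1-realm</realm-name>
        <form-login-config>
            <form-login-page>/faces/index.xhtml</form-login-page>
            <form-error-page>/faces/niezalogowany.xhtml</form-error-page>
        </form-login-config>
    </login-config>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Zalogowani</web-resource-name>
            <url-pattern>/faces/zalogowani/*</url-pattern>
            <!-- No http-method elements on purpose. Listing GET and POST, as
                 the original did, restricts the constraint to those two
                 methods and leaves every other HTTP method on this pattern
                 outside it; omitting the list applies it to all methods. -->
        </web-resource-collection>
        <auth-constraint>
            <role-name>ADMINS</role-name>
            <role-name>USERS</role-name>
        </auth-constraint>
        <!-- NOTE(review): there is no user-data-constraint, so nothing here
             requires HTTPS for the protected area or the login exchange.
             Add a CONFIDENTIAL transport-guarantee once a TLS listener is
             available. -->
    </security-constraint>

    <!-- Roles referenced by the auth-constraint are declared explicitly; the
         server-specific descriptor maps them to realm groups. -->
    <security-role>
        <role-name>ADMINS</role-name>
    </security-role>
    <security-role>
        <role-name>USERS</role-name>
    </security-role>

    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>

    <!-- Idle session timeout in minutes. -->
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>

    <!-- NOTE(review): the welcome file is the login page itself. Container
         FORM login is designed to start when a protected URL is requested,
         so a login submitted from a directly opened login page has no saved
         target to return to. The post reports landing on index.xhtml again
         after a valid login, which would fit that. Consider a public landing
         page that links into /faces/zalogowani/ and confirm against the
         container's behaviour. -->
    <welcome-file-list>
        <welcome-file>faces/index.xhtml</welcome-file>
    </welcome-file-list>

</web-app>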
- sun-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<!-- GlassFish-specific descriptor: context root and the mapping from the
     roles used in web.xml to groups supplied by the security realm. -->
<sun-web-app error-url="">

    <!-- The application is deployed at the server root. -->
    <context-root>/</context-root>

    <!-- One-to-one mapping: each role is granted to the realm group of the
         same name. The group names must match the values the realm returns
         for a user; that data is not shown on this page. -->
    <security-role-mapping>
        <role-name>ADMINS</role-name>
        <group-name>ADMINS</group-name>
    </security-role-mapping>

    <security-role-mapping>
        <role-name>USERS</role-name>
        <group-name>USERS</group-name>
    </security-role-mapping>

    <!-- Disabled settings from the generated project, kept as posted. -->
    <!--<context-root>/JsfSecurityRealm1</context-root>
    <class-loader delegate="true"/>
    <jsp-config>
    <property name="keepgenerated" value="true">
    <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
    </jsp-config>-->

</sun-web-app>
Hasła są zapisane w bazie jako skróty MD5 (MD5 to funkcja skrótu, a nie szyfrowanie).
Konfiguracja połączenia z PostgreSQL z poziomu glassfish-3.1.1 wygląda poprawnie, można pingować.
Próbowałem również odtworzyć projekt z pliku .war na bazie mysql.
Jeżeli wpiszę nieprawidłowe dane logowania to kieruje do katalogu /public/..., w przypadku wpisania prawidłowych danych kieruje do pliku index.xhtml.
Pozdrawiam