10 Replies Latest reply on Jan 18, 2008 11:42 AM by hubaghdadi

    Two login pages/methods

    hubaghdadi

      Hi.
      My application has two primary sub-sites:
      The first is used by the public which it requires signin/login operations, the second is used by the application administrators.
      Is it possible to configure Seam to employ two different login pages and login methods?
      Thanks.

        • 1. Re: Two login pages/methods
          nickarls

          Hmmm, would it be possible to use a normal authenticator method and there redirect to the appropriate login page based on some examination of the incoming request?

          • 2. Re: Two login pages/methods
            hubaghdadi

            Isn't look overkill?
            The admin has to provide his credentials twice?

            • 3. Re: Two login pages/methods

              I use Roles for this situation. Presumably you have some field in the database which indicates if someone is a user or an admin. If so then you can add an appropriate role in the Authenticate method of the Authenticator and have something like this in your login.page.xml:

              <page>
               <navigation from-action="#{identity.login}">
               <rule if="#{identity.loggedIn and identity.hasRole('admin')}">
               <redirect view-id="/admin/HomePage.xhtml"/>
               </rule>
               <rule if="#{identity.loggedIn}">
               <redirect view-id="/user/HomePage.xhtml"/>
               </rule>
               </navigation>
              </page>


              • 4. Re: Two login pages/methods
                hubaghdadi

                What if the public site requires username/password combination and admin site requires Employee ID (which means difference login page)?
                Sorry, I'm not trying to annoying, I just like to know to handle those cases.

                • 5. Re: Two login pages/methods

                  Oh right, I see what you're trying to do now :-)

                  I think what I would do is take the username / password and in the Authenticate method try and validate it as both a user and an admin and then set the role to whichever one it validates as.

                  Obviously the one assumption here is that there will never be a user with the same user name as an existing employee ID but you could put measures in place to prevent this.

                  • 6. Re: Two login pages/methods
                    hubaghdadi

                    Well, I think you will kill me soon :)
                    Login page for the public contains: username and password fields.
                    Login page for the admin contains: EmployeeID only
                    Two different pages dude :D

                    • 7. Re: Two login pages/methods
                      pmuir

                      No, but you could file a feature request for the ability to have different login-view-id's specified on page elements in pages.xml.

                      You would still need to deal with authenticate as Dave suggests.

                      • 8. Re: Two login pages/methods
                        shane.bryzak

                        Extend Identity (the security chapter of the docs describes how to do this) and add an EmployeeID property to it. You'll also need to override the isCredentialsSet() method and probably some other stuff as well. Then your authenticator simply checks to see what is set (either username/password or employeeId) and authenticates accordingly.

                        • 9. Re: Two login pages/methods

                           

                          "hubaghdadi" wrote:
                          Well, I think you will kill me soon :)
                          Login page for the public contains: username and password fields.
                          Login page for the admin contains: EmployeeID only
                          Two different pages dude :D

                          I still think my method would work, both different pages can use the same Authenticator, the only proviso would be that you would need to pass the EmployeeID as the username and in this case the password would be blank. Again you can check for the relevant details in the database to determine which is which.

                          Incidentally are you saying that your general users require to enter password but that your admin users don't?!

                          ...or just do like Shane says :-)

                          • 10. Re: Two login pages/methods
                            hubaghdadi

                             

                            "david.spark" wrote:

                            Incidentally are you saying that your general users require to enter password but that your admin users don't?!

                            ...or just do like Shane says :-)

                            What I'm saying that the public users have two fields to fill and the administrators have only one field (which it could be a secret code given by their manager).
                            Maybe my original question doesn't live in the real world, but I just liked to know how to solve such cases....