This content has been marked as final.
Show 1 reply
-
1. Re: automated login via special link
superfis Jun 25, 2009 4:36 PM (in response to ajanz)I've done it like this:
page under protection is /secure/hidded.xhtml
pages.xml
<page view-id="/*"> <param name="authKey" value="#{urlAuthenticator.authKey}" /> <action execute="#{urlAuthenticator.authenticate( urlAuthenticator.authKey )}" on-postback="false" if="#{!identity.loggedIn}" /> </page> <page view-id="/secure/*" login-required="true"> </page> <page view-id="/secure/hidden.xhtml"> </page>
UrlAuthenticator.java
@Name( "urlAuthenticator" ) @AutoCreate public class UrlAuthenticator { @Logger private Log log; @In Identity identity; @In Credentials credentials; @In private UrlAuthVerificationService urlAuthVerificationService; @RequestParameter private String authKey; public boolean authenticate( String key ) { log.info( "url authentication with authKey == '{0}'", key ); #1 VerifiedUserCredentials vuc = urlAuthVerificationService.verifyUrlKey( key ); if ( vuc.isAuthenticated( ) ) { credentials.setUsername( vuc.getUsername( ) ); credentials.setPassword( vuc.getPassword( ) ); identity.addRole( vuc.getRole( ) ); #2 String textResult = boolean result = identity.login( ); boolean result = textResult.equals( "loggedIn" ) ? true : false; log.info( "authentication {0}", result ? "succeeded" : "failed" ); return result; } log.info( "key verification failed" ); return false; } public String getAuthKey( ) { return authKey; } public void setAuthKey( String authKey ) { this.authKey = authKey; } }
code explanation
#1 - I'm reading from DB a username, password and role for a given authKey (delivered as url parameter)
#2 - login to the systemand that's it.
For me it's working but there is one little disadventage - I'm receiving in page /secure/hidden.xhtml faces messages:
* Please log in first * Welcome, admin!
and I don't know how to get rid of these messages.