0 Replies Latest reply on Jul 22, 2013 12:51 PM by kamaladafrica

    Web filter

    kamaladafrica
    kamaladafrica Jul 22, 2013 12:51 PM

      Hi all,

      I'm developing a simple JSF2/CDI web application with authentication support to deploy on openshift.

      So I need to use picketlink 2.5.0.Beta5 (is this the best choice?).

       

      The problem is the AuthenticationFilter.

      I configured the filter as this:

       

      {code:xml}
      <filter>
          <filter-name>Security Filter</filter-name>
          <filter-class>org.picketlink.authentication.web.AuthenticationFilter</filter-class>
          <init-param>
              <param-name>authType</param-name>
              <param-value>FORM</param-value>
          </init-param>
          <init-param>
              <param-name>form-login-page</param-name>
              <param-value>login.xhtml</param-value>
          </init-param>
          <init-param>
              <param-name>form-error-page</param-name>
              <param-value>login.xhtml?error=1</param-value>
          </init-param>
      </filter>
      <filter-mapping>
          <filter-name>Security Filter</filter-name>
          <url-pattern>/private/*</url-pattern>
      </filter-mapping>
      {code}

       

      But it shows the login page only once, even though I reload the page in the browser.

      If the login is successful the filter returns an empty page (it breaks the filter chain).

       

      I figured out that this behaviour depends on the value of the state variable and postAuthentication method in the FormAuthenticationScheme class.

      After the login page is shown the first time, the postAuthentication method always returns false.

       

      I can't figure out if there is a bug in picketlink or I misconfigured the filter.

       

      Can somebody help me?

      • 217 Views
      • Tags: