Is it possible to restore the PicketLink "original request" when using a custom faces Login page and CDI backing bean? Using PicketLink IDM, JPA, and Simple Authenticator Login Page but Unable restoreOriginal Request.
bstevenson May 3, 2015 4:37 PMPicketLink Usage Scenario
User requests a webpage located in a PicketLink protected folder. When PicketLink detects reqeust for a protected folder, it invokes a faces login.xhtml page which passes username and password to a custom CDI backing bean that invokes AuthenticationResult result = identity.login(). Upon authentication failed I need to display a unique faces error message then let the user retry the authentication. However, once authentication is successful I then want to display a faces successful message and be able to restore the user's original webpage "request" and redirect to that original page. Where can I retrieve the originally request page name? Is it kept in a request cache that I can retrieve it from?
Any insight would be appreciated.
login.xhtml
<?xml version="1.0" encoding="UTF-8"?>
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:p="http://primefaces.org/ui"
template="/ui/templates/layout1.xhtml">
<ui:param name="pageHeading" value="Login1" />
<ui:param name="pageTitle" value="Login1" />
<ui:define name="center">
<p:panel header="Website Authentication Login1"
rendered="#{not identity.loggedIn}"
style="width: 50%; background-color: #FFFACD;">
<h:panelGrid columns="2">
<p:outputLabel for="name" value="Username:" />
<p:inputText id="name" value="#{loginCredentials.userId}"
required="true" />
<p:outputLabel for="password" value="Password:" />
<p:password id="password" value="#{loginCredentials.password}"
redisplay="true" required="true" />
<h:panelGroup></h:panelGroup>
<h:panelGroup>
<p:outputLabel
value="Login with any of the following username/password combinations. Each of these accounts has different privileges assigned to them." />
<h:panelGrid columns="1" style="padding-left: 15px;">
<p:outputLabel value="john/demo">
</p:outputLabel>
<p:outputLabel value="mary/demo">
</p:outputLabel>
<p:outputLabel value="jane/demo">
</p:outputLabel>
</h:panelGrid>
</h:panelGroup>
</h:panelGrid>
<f:facet name="footer">
<p:commandButton id="login" value="Login1"
action="#{securityController.login}" ajax="false" />
</f:facet>
</p:panel>
</ui:define>
</ui:composition>
CDI Backing Bean
import java.io.Serializable;
import java.util.Date;
import javax.inject.Inject;
import javax.inject.Named;
import org.jboss.logging.Logger;
import org.omnifaces.util.Messages;
import org.picketlink.Identity;
import org.picketlink.Identity.AuthenticationResult;
/**
* Bean used to control authentication process so that in the event of a failed
* authentication display an appropriate FacesMessage.
*/
@Named
@javax.enterprise.context.RequestScoped
public class SecurityController implements Serializable {
private static final long serialVersionUID = 1L;
@Inject
private Identity identity;
private static final Logger logger = Logger.getLogger("application");
public String login() {
AuthenticationResult result = identity.login();
if (AuthenticationResult.FAILED.equals(result)) {
logger.info("Login unsuccessful");
Messages.addGlobalError("Authentication was unsuccessful - invalid username/password; "
+ new Date());
return "goto.login";
} else {
logger.info("Login successful");
Messages.addFlashGlobalInfo("Login successful; " + new Date());
/*
* Is there some way to to find and restore from requestCache the name of the caller's original web page request?
*/
return ? = restoreOrignalRequest;
}
}
}
PicketLink HTTP Configuration
import javax.enterprise.event.Observes;
import org.picketlink.config.SecurityConfigurationBuilder;
import org.picketlink.event.SecurityConfigurationEvent;
public class HttpSecurityConfiguration {
public void onInit(@Observes SecurityConfigurationEvent event) {
SecurityConfigurationBuilder builder = event.getBuilder();
builder
.http()
.allPaths()
.authenticateWith()
.form()
.authenticationUri("/login.xhtml")
.loginPage("/login.xhtml")
.errorPage("/error.xhtml")
.restoreOriginalRequest()
.forPath("/javax.faces.resource/*")
.unprotected()
.forPath("/logout")
.logout()
.redirectTo("/home.xhtml")
.forPath("/home.xhtml")
.unprotected();
}
}