9 Replies Latest reply on Nov 14, 2006 12:07 AM by Yogesh

    JSF Form Authentication using JAAS DatabaseServerLoginModule

    Yogesh Novice

      Hi all,
      I am developing an application using the following Seam 1.0.1.GA, Hibernate, Facelet, Ajax


      I have managed to get the DatabaseServerLogin Module working with FORM based Authentication. The only problem is that i need a Facelet/JSF compatible form (which is composed of a template) to do the submission for j_username and j_password to the DatabaseServerLoginModule.

      Any idea of how to implement this. I have tried the Security/JAAS Forums and a possible workaround described at http://groundside.com/blog/DuncanMills.php?title=container_managed_security_for_jsf_no_th&more=1&c=1&tb=1&pb=1#comments but failed to get it working with JSF / Facelet.


      Regards,
      Jankee Yogesh
      http://www.m-itc.net

        • 1. Re: JSF Form Authentication using JAAS DatabaseServerLoginMo
          Pete Muir Master

          Use an html form:

          <ui:composition template="blah.xhtml">
           <form action="j_security_check" method="post">
           <label for="j_username">Input User Name:</label>
           <input type="text" name="j_username" />
           <br />
           <label for="j_password">Password:</label>
           <input type="password" name="j_password" />
           <br />
           <input type="submit" value="Login" id="Submit" />
           </form>
          </ui:composition>


          Just make sure that the templates don't contain h:form etc.

          • 2. Re: JSF Form Authentication using JAAS DatabaseServerLoginMo
            Yogesh Novice

            Hello Peter,
            Thnx for replying....Before implementing your suggestion, i would like to know if we can implement something like ResourceBundles with plain HTML as i am developing an application with multilanguage support.

            Regards,
            Jankee Yogesh
            http://www.m-itc.net

            • 3. Re: JSF Form Authentication using JAAS DatabaseServerLoginMo
              Pete Muir Master

              Of course, facelets interprets html as 'just another namespace' and parses it exactly the same:

              <ui:composition template="blah.xhtml">
               <form action="j_security_check" method="post">
               <label for="j_username">#{messages['username']}</label>
               <input type="text" name="j_username" />
               <br />
               <label for="j_password">#{messages['password']}</label>
               <input type="password" name="j_password" />
               <br />
               <input type="submit" value="#{messages['login']}" id="Submit" />
               </form>
              </ui:composition>


              • 4. Re: JSF Form Authentication using JAAS DatabaseServerLoginMo
                Yogesh Novice

                Hello Peter,
                It seems that the page is not being correctly rendered....


                This is the code for the "template.xhtml"

                
                <?xml version="1.0" encoding="utf-8"?>
                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
                 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
                <html xmlns="http://www.w3.org/1999/xhtml"
                 xmlns:ui="http://java.sun.com/jsf/facelets"
                 xmlns:h="http://java.sun.com/jsf/html"
                 xmlns:f="http://java.sun.com/jsf/core">
                <head>
                 <f:loadBundle basename="messages" var="msgs" />
                 <f:loadBundle basename="settings" var="settings" />
                 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
                 <title></title>
                
                <style type="text/css" media="all">
                 @import "style/default/screen.css";
                </style>
                
                </head>
                
                <body id="pgMainMenu">
                
                 <f:loadBundle basename="messages" var="msg"/>
                
                 <div id="document">
                 <ui:insert name="banner">
                 <div id="header"><span>#{msg.BannerText}</span></div>
                 </ui:insert>
                
                
                 <ui:insert name="topnav">
                 <div id="nav">
                 <ui:include src="/menu.xhtml" />
                 </div>
                 </ui:insert>
                
                
                 <div id="container">
                 <ui:insert name="container">
                 Body Content Should go here ....
                 </ui:insert>
                 </div>
                
                 <div id="footer">
                 <ui:insert name="footer">
                 <hr/>
                 #{msg.FooterText}
                 </ui:insert>
                
                 </div>
                
                 </div>
                
                
                
                </body>
                </html>
                
                
                





                Below is the code for the login.html

                
                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
                 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
                <html xmlns="http://www.w3.org/1999/xhtml"
                 xmlns:s="http://jboss.com/products/seam/taglib"
                 xmlns:ui="http://java.sun.com/jsf/facelets"
                 xmlns:f="http://java.sun.com/jsf/core"
                 xmlns:h="http://java.sun.com/jsf/html"
                 xmlns:si="http://sourceforge.net/projects/easysi"
                 xmlns:t="http://myfaces.apache.org/tomahawk">
                
                <body>
                
                <ui:composition template="template.xhtml">
                
                
                 <ui:define name="topnav">
                
                 </ui:define>
                
                 <ui:define name="container">
                
                 <f:loadBundle basename="Login" var="LoginBundle" />
                
                 <div class="formContainer">
                
                 <form action="j_security_check" method="post">
                 <label for="j_username">#{messages['Username']}</label>
                 <input type="text" name="j_username" />
                 <br />
                 <label for="j_password">#{messages['Password']}</label>
                 <input type="password" name="j_password" />
                 <br />
                 <input type="submit" value="#{messages['LoginButton']}" id="Submit" />
                 </form>
                
                
                 </div>
                
                
                
                
                 </ui:define>
                
                </ui:composition>
                </body>
                </html>
                
                
                
                
                





                But neither is the resource bundle working nor is the page correctly rendered. I only get a plain HTML page with the username and password controls !!

                Is there anything wrong in my template or xhtml file ??


                Thnx fore helping !!


                Regards,
                Jankee Yogesh
                http://www.m-itc.net

                • 5. Re: JSF Form Authentication using JAAS DatabaseServerLoginMo
                  Norman Richards Master

                  It looks to me like you named your bundle "LoginBundle" but are trying to access it as "messages".

                  • 6. Re: JSF Form Authentication using JAAS DatabaseServerLoginMo
                    Pete Muir Master

                    I was assuming the use of the Seam message bundle set up as in the examples/ref doc not the use of JSF f:loadBundle.

                    • 7. Re: JSF Form Authentication using JAAS DatabaseServerLoginMo
                      Gavin King Master

                      Don't use f:loadBundle with Seam, its really ugly, and MUCH less powerful. Use the Seam resource bundle.

                      • 8. Re: JSF Form Authentication using JAAS DatabaseServerLoginMo
                        Yogesh Novice

                        Thnx All for your tips ......And any idea why the page template I am using is not being correctly rendered ??

                        My idea behind using JSF/Facelet was to have validations associated with the username and password controls itself as i dont want error messages on a seperate error page ... but i guess i would have to use it !!

                        The only problem with my approach for now is the template problem....I cannot figure out why it is not rendred properly !! Otherwise Seam does a wonderful job.


                        Regards,
                        Jankee Yogesh
                        http://www.m-itc.net

                        • 9. Re: JSF Form Authentication using JAAS DatabaseServerLoginMo
                          Yogesh Novice

                          Ok the resource bundle and JAAS is working perfectly ...... The only problem is that the page is rendered without any styles being displayed although the template used is correctly rendered with other pages !! When i looked at the source in my browser i found that the stylesheet imports have been commented as shown below:

                          This is the source as displayed by IE:

                          
                          <?xml version="1.0" encoding="utf-8"?>
                          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
                          <html xmlns="http://www.w3.org/1999/xhtml">
                          <head>
                           <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
                           <title></title>
                          
                          <style type="text/css" media="all"><!--
                          
                           @import "style/default/screen.css";
                           @import "style/default/financialstatementprogress.css";
                           @import "style/default/overviewInfo.css";
                           @import "style/default/questionnaireheader.css";
                           @import "style/default/groupHierarchy.css";
                           @import "style/default/groupAndQuestions.css";
                          
                          --></style>
                          
                          </head>
                          
                          <body id="pgMainMenu">
                          
                           <div id="document">
                           <div id="header"><span>Banner Goes Here</span></div>
                          
                          
                           <div id="container">
                          
                           <div class="formContainer">
                          
                           <form action="j_security_check" method="post">
                           <label for="j_username">Username</label>
                           <input type="text" name="j_username" />
                           <br />
                          
                           <label for="j_password">Password</label>
                           <input type="password" name="j_password" />
                          
                           <br />
                           <input type="submit" value="Login" id="Submit" />
                           </form>
                          
                          
                           </div>
                           </div>
                          
                           <div id="footer">
                           <hr />
                           Footer Goes here ....
                          
                           </div>
                          
                           </div>
                          
                          
                          
                          </body>
                          </html>
                          
                          



                          This is my login.xhtml:
                          
                          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
                           "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
                          <html xmlns="http://www.w3.org/1999/xhtml"
                           xmlns:s="http://jboss.com/products/seam/taglib"
                           xmlns:ui="http://java.sun.com/jsf/facelets"
                           xmlns:f="http://java.sun.com/jsf/core"
                           xmlns:h="http://java.sun.com/jsf/html"
                           xmlns:si="http://sourceforge.net/projects/easysi"
                           xmlns:t="http://myfaces.apache.org/tomahawk">
                          
                          <head>
                           <f:loadBundle basename="messages" var="msgs" />
                           <title></title>
                          
                          
                          
                          </head>
                          
                          <body>
                          
                          <ui:composition template="/template.xhtml">
                          
                           <ui:define name="topnav">
                           <!--Navigation bar is not displayed in login page -->
                           </ui:define>
                          
                           <ui:define name="container">
                          
                           <div class="formContainer">
                          
                           <form action="j_security_check" method="post">
                           <label for="j_username">#{msgs.Username}</label>
                           <input type="text" name="j_username" />
                           <br />
                          
                           <label for="j_password">#{msgs['Password']}</label>
                           <input type="password" name="j_password" />
                          
                           <br />
                           <input type="submit" value="#{msgs['LoginButton']}" id="Submit" />
                           </form>
                          
                          
                           </div>
                          
                           </ui:define>
                          
                          
                          </ui:composition>
                          </body>
                          </html>
                          
                          
                          



                          An my template.xhtml is as follows:
                          <?xml version="1.0" encoding="utf-8"?>
                          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
                           "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
                          <html xmlns="http://www.w3.org/1999/xhtml"
                           xmlns:ui="http://java.sun.com/jsf/facelets"
                           xmlns:h="http://java.sun.com/jsf/html"
                           xmlns:f="http://java.sun.com/jsf/core">
                          <head>
                           <f:loadBundle basename="messages" var="msgs" />
                           <f:loadBundle basename="settings" var="settings" />
                           <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
                           <title></title>
                          
                          <style type="text/css" media="all">
                           @import "style/default/screen.css";
                          </style>
                          
                          </head>
                          
                          <body id="pgMainMenu">
                          
                           <f:loadBundle basename="messages" var="msg"/>
                          
                           <div id="document">
                           <ui:insert name="banner">
                           <div id="header"><span>#{msg.BannerText}</span></div>
                          
                           </ui:insert>
                          
                          
                           <ui:insert name="topnav">
                           <div id="nav">
                           <ui:include src="/menu.xhtml" />
                           </div>
                           </ui:insert>
                          
                          
                           <div id="container">
                           <ui:insert name="container">
                           Content goes here ...
                           </ui:insert>
                           </div>
                          
                           <div id="footer">
                           <ui:insert name="footer">
                           <hr/>
                           #{msg.FooterText}
                           </ui:insert>
                          
                           </div>
                          
                           </div>
                          
                          
                          
                          </body>
                          </html>
                          
                          
                          




                          In my web.xml, i had the following configs to specify the login form i want to use:
                           <login-config>
                           <auth-method>FORM</auth-method>
                           <form-login-config>
                           <form-login-page>/login.seam</form-login-page>
                           <form-error-page>/login_errors.html</form-error-page>
                           </form-login-config>
                           </login-config>
                          
                          




                          Is there any missing configs or is there something missing for the CSS to be correctly rendered ??


                          Regards,
                          Jankee Yogesh
                          http://www.m-itc.net