4 Replies Latest reply on Feb 10, 2010 6:03 PM by Swen Vogel

    Two different login pages

    Swen Vogel Newbie

      Hi,


      i have developed a seam application with two separate areas one for
      operators and one for users, with different login pages here are the project folders:





      • WebContent/customerArea/login.xhtml

      • WebContent/operatorArea/login.xhtml





      I secured the two areas in pages.xml through


      login-required="true"



      In pages.xml i can only specify the login-view-id once on the pages element.


      For example:


      login-view-id="customerArea/login.xhtml" or
      login-view-id="operatorArea/login.xhtml"



      Dependent of the login-view-id customers would be redirect to the
      operatorArea/login.xhtml or operators would be redirected to the
      customerArea/long.xhml site on a org.jboss.seam.security.notLoggedIn event.


      Is there any solution or workaround for this problem?

        • 1. Re: Two different login pages
          Nikolay Elenkov Master

          You could have a page action for login.xhml that redirects to the proper place based on something (previous URL?) or you could just make your login page a multistep process.


          Btw, why to you need separate login pages?


          HTH

          • 2. Re: Two different login pages
            Swen Vogel Newbie

            First i need separate login pages because customers can authenticate with
            their customer numbers or additional informations. And the operators authenticate with a user name and password. Second the customer area has a complete different layout as the operator area.


            For the authentication process i created a custom identity component that handles the two authentication processes. I simple set the property
            "customerAuthentication" to true in the pages.xml for the customerArea/login.xhtml page.


            You mean redirects to the proper place based on something (previous URL?)
            what would be best criterion for that?. I think that the URL would be fine.


            But when i create a action that determines the specific login page via URL, how can i
            get the URL that was captured before?

            • 3. Re: Two different login pages
              Nikolay Elenkov Master

              Swen Vogel wrote on Feb 10, 2010 07:58:


              First i need separate login pages because customers can authenticate with
              their customer numbers or additional informations. And the operators authenticate with a user name and password. Second the customer area has a complete different layout as the operator area.


              If they are that different, maybe they should be two different applications? Yes, I know, it's not that easy :) Just saying




              You mean redirects to the proper place based on something (previous URL?)
              what would be best criterion for that?. I think that the URL would be fine.

              But when i create a action that determines the specific login page via URL, how can i
              get the URL that was captured before?


              Try this


              • 4. Re: Two different login pages
                Swen Vogel Newbie

                Hi,


                here is my first solution for the problem:


                First:


                I have a central login.xhtml page without any content. When the page
                is requested the loginRedirector.determinLoginViewId() method is
                called to determine the specific login page based on the captured view id.


                Seccond:


                When someone has bookmarked a specific login page the first step is not necessary.


                Third:


                My identity component has the two additional login methods for the users and operators
                that are called on the specific login pages.



                The last problem (i hope so):


                When the session expires the user is redirected to /login.xhtml.
                Because i have no captured view i have implemented the view fall back to /customerLogin.xhtml
                in the LoginRedirector. But this is only fine for customers but not for operators :-).


                So is there any way to get the view id before/of the ViewExpiredException exception? In
                this case i can redirect to this page.



                Here the relevant code snippets:




                • pages.xml:





                <pages login-view-id="/login.html" ...
                
                <page view-id="/login.xhtml">
                  <action execute="#{loginRedirector.determinLoginViewId}"/>
                
                  <navigation>
                    <redirect view-id="#{loginRedirector.loginViewId}"/>
                  </navigation>
                </page>
                
                <navigation from-action="#{identity.loginOperator}">
                  <rule if="#{identity.loggedIn}">
                     <redirect view-id="/operatorArea/home.xhtml"/>
                  </rule>
                </navigation>
                
                <navigation from-action="#{identity.loginUser}">
                  <rule if="#{identity.loggedIn}">
                     <redirect view-id="/userArea/home.xhtml"/>
                  </rule>
                </navigation>
                
                <exception class="javax.faces.application.ViewExpiredException">
                  <redirect view-id="/login.xhtml">
                     <message severity="warn">Your session has timed out, please try again</message>
                  </redirect>
                </exception>
                ...





                • LoginRedirector component:




                @Name("loginRedirector")
                @Scope(ScopeType.CONVERSATION)
                public class LoginRedirector {
                
                    @In
                    private Redirect redirect;
                
                    private String loginViewId;
                
                    public void determinLoginViewId() {
                        String view = redirect.getViewId();
                
                        // Disable conversation propagation, otherwise a open
                        // conversation exists after the login procedure.
                        redirect.setConversationPropagationEnabled(false);
                
                            if (view != null) {
                                if (view.contains("customerArea")) {
                                    loginViewId = "/customerLogin.xhtml";
                                }else (view.contains("operatorArea")) {
                                     loginViewId = "/operatorLogin.xhtml";
                                }
                             } else {
                                // Fallback if someone makes a request to /login.xhtml.
                                loginViewId = "/customerLogin.xhtml";
                                redirect.setViewId(loginViewId);
                             }
                     }
                
                     public String getLoginViewId() {
                          return loginViewId;
                     }
                
                }