6 Replies Latest reply on Nov 2, 2010 5:50 PM by Mario Tigua

    Seam authentication without login form

    Mario Tigua Newbie

      Hello everybody,


      I have a PHP page that has a link that points to a Seam page. The login page is part of the PHP project. When I press the link I have to send the user and password to the Seam project and I need to validate that data. If the login data is OK I have to show the Seam page, otherwise I have to show an error page.


      I know that authentication in Seam is possible through the restrict tag and identity.loggedIn, but how can I do this without a Seam login page?


      Thanks in advance,
      Mario.

        • 1. Re: Seam authentication without login form
          Paul Dijou Newbie

          Hi,


          A solution could be to send the data (username and hashed password) with GET. For example, the link from your PHP page sends the user to the /login.xhtml page of your Seam application.


          In your file "pages.xml", you add:




          <page view-id="/login.xhtml">
               <param name="username" value="#{credentials.username}" />
               <param name="password" value="#{credentials.password}" />
               <action execute="#{identity.login()}" />
          </page>



          This should execute a login() method when the user arrives on the page. Be careful: the method will be called each time the user goes to the page.


          The "login()" method will use your "authenticate()" method; that is where you have to validate the data and return whether or not the user can be authenticated.


          You can also add a navigation case based on the return of the "login()" to redirect the user to another page or an error page.

          • 2. Re: Seam authentication without login form
            Mario Tigua Newbie

            Thanks Paul! But if I send the data using GET, the password will be seen in the navigation bar. Is there any way to do the same using POST?






            • 3. Re: Seam authentication without login form
              Paul Dijou Newbie

              Well, POST is not really more secure than GET in practice. The best way is to send your password hashed (hoping you hash your passwords).


              In your PHP page, you get the data from the form submitted by the user and then hash the password with an algorithm like SHA-512 before sending it with the username using the GET method.


              In your "authenticate()" method, you will have to get your user back from the database using #{credentials.username} and then compare the hashed version of the password with the one in the database and see if it matches. If yes, then authenticate the user.
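
The comparison step described in reply 3, as an added example that is not part of the thread and not Seam's own code: it validates the hex digest received in the `password` parameter and compares it with the stored digest in constant time. The class name, the in-memory map standing in for the user table and the sample account are assumptions; in a Seam component the two arguments would come from `credentials.username` and `credentials.password`.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class HashedLoginCheck {
    private static final int SHA512_BYTES = 64;
    // Hypothetical stand-in for the user table: username -> stored SHA-512 digest.
    final Map<String, byte[]> storedHashes = new HashMap<>();

    static byte[] sha512(String s) throws Exception {
        return MessageDigest.getInstance("SHA-512").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // Decode the hex parameter; null unless it is exactly 128 lowercase hex digits
    // (PHP's hash() emits lowercase hex).
    static byte[] decodeDigest(String hex) {
        if (hex == null || hex.length() != SHA512_BYTES * 2) return null;
        byte[] out = new byte[SHA512_BYTES];
        for (int i = 0; i < out.length; i++) {
            int hi = "0123456789abcdef".indexOf(hex.charAt(2 * i));
            int lo = "0123456789abcdef".indexOf(hex.charAt(2 * i + 1));
            if (hi < 0 || lo < 0) return null;
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    // The body an authenticate() method would run with credentials.username
    // and credentials.password as arguments.
    boolean authenticate(String username, String suppliedHashHex) {
        byte[] supplied = decodeDigest(suppliedHashHex);
        byte[] stored = storedHashes.get(username);
        if (supplied == null || stored == null) return false; // malformed value or unknown user
        return MessageDigest.isEqual(stored, supplied);       // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        HashedLoginCheck check = new HashedLoginCheck();
        // Constructed sample account and password, for illustration only.
        check.storedHashes.put("mario", sha512("constructed-sample-password"));
        String good = String.format("%0128x", new BigInteger(1, sha512("constructed-sample-password")));
        String bad = (good.charAt(0) == '0' ? '1' : '0') + good.substring(1);
        System.out.println("correct digest:   " + check.authenticate("mario", good));
        System.out.println("tampered digest:  " + check.authenticate("mario", bad));
        System.out.println("unknown user:     " + check.authenticate("nobody", good));
        System.out.println("malformed value:  " + check.authenticate("mario", "not-hex"));
    }
}
```

A digest accepted this way is password-equivalent: whoever reads it from the URL, a proxy or access log, or browser history can present it to log in.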

              • 4. Re: Seam authentication without login form
                Mario Tigua Newbie
                Thanks!!! It functions!

                The authenticate() method is called, but how can I use the boolean result of this method to redirect to another page?

                I have this in page.xml but it doesn't function:


                        <page view-id="/paginas/inicio.xhtml">
                                <param name="username" value="#{credentials.username}" />
                                <param name="password" value="#{credentials.password}" />
                                <action execute="#{identity.login()}" />
                                <navigation from-action="#{identity.login}">
                                        <rule if="#{identity.loggedIn}">
                                                <redirect view-id="/paginas/busquedaBono.xhtml"/>
                                        </rule>
                                </navigation>
                        </page>

                Thanks.
                • 5. Re: Seam authentication without login form
                  Paul Dijou Newbie

                  Strange, it should work... I have the same navigation case in some of my applications and it works fine. Try:




                  <navigation from-action="#{identity.login}">
                       <rule if-outcome="loggedIn">
                            <redirect view-id="/paginas/busquedaBono.xhtml"/>
                       </rule>
                  </navigation>





                  But it's quite the same as yours... Are you sure the authenticate method returns a true value? Is /paginas/busquedaBono.xhtml defined in the pages.xml?


                  • 6. Re: Seam authentication without login form
                    Mario Tigua Newbie

                    Thanks!!! It functions now! There was a problem with JBoss. Thanks a lot!