-
1. Re: Seam authentication without loging form
paul.dijou Nov 2, 2010 11:29 AM (in response to mtigua.mtigua.yahoo.es)Hi,
A solution could be to send the data (username and hash password) with GET. For exemple, your link from Php page send the user to the
/login.xhtml
page of your Seam application.In your file "pages.xml", you add :
<page view-id="/login.xhtml"> <param name="username" value="#{credentials.username}" /> <param name="password" value="#{credentials.password}" /> <action execute="#{identity.login()}" /> </page>
This should execute a
login()
method when the user arrive on the page. Be carefull that the method will be call each time the user go to the page."login()" method will use your "authenticate()" method, it's there where you have to validate the data and return if yes or no the user can be authenticate.
You can also add a navigation case based on the return of the "login()" to redirect the user to another page or an error page.
-
2. Re: Seam authentication without loging form
mtigua.mtigua.yahoo.es Nov 2, 2010 12:06 PM (in response to mtigua.mtigua.yahoo.es)Thank Paul! But if I send the data using GET, the password will be seen in the navigation bar. Is there any way to do the same using POST?
-
3. Re: Seam authentication without loging form
paul.dijou Nov 2, 2010 12:15 PM (in response to mtigua.mtigua.yahoo.es)Well, POST is not really more secure than GET in practice. The best way is to send your password hashed (hoping you hash your passwords).
In your Php page, you get the data from the form submitted by the user and then hash the password with an algorithm like SHA-512 before sending it with the username using GET method.
In your "authenticate()" method, you will have to get back your user from the database using #{credentials.username} and then compare the hashed version of the password with the one in database and look if it's match. If yes, then authenticate it.
-
4. Re: Seam authentication without loging form
mtigua.mtigua.yahoo.es Nov 2, 2010 4:15 PM (in response to mtigua.mtigua.yahoo.es)Thanks!!! It functions!
The authenticate() method is called but, how can I use the boolean result of this method to redirect a another page?
I have this in page.xml but it doesn´t function:
<page view-id="/paginas/inicio.xhtml">
<param name="username" value="#{credentials.username}" />
<param name="password" value="#{credentials.password}" />
<action execute="#{identity.login()}" />
<navigation from-action="#{identity.login}">
<rule if="#{identity.loggedIn}">
<redirect view-id="/paginas/busquedaBono.xhtml"/>
</rule>
</navigation>
</page>
Thanks. -
5. Re: Seam authentication without loging form
paul.dijou Nov 2, 2010 4:34 PM (in response to mtigua.mtigua.yahoo.es)Strange, it should work... I have the same navigation case in some of my applications and it works fine. Try :
<navigation from-action="#{identity.login}"> <rule if-outcome="loggedIn"> <redirect view-id="/paginas/busquedaBono.xhtml"/> </rule> </navigation>
But it's quite the same as you... Sure the authenticate method returns a
true
value ? The/paginas/busquedaBono.xhtml
is defined in the pages.xml ? -
6. Re: Seam authentication without loging form
mtigua.mtigua.yahoo.es Nov 2, 2010 5:50 PM (in response to mtigua.mtigua.yahoo.es)Thanks!!! It functions now! There was a problem with jboss. Thanks a lot!