2 Replies Latest reply on Jun 20, 2012 5:43 AM by ionutvaidianu

    FORM based auth not working with JSF/XHTML page

    ionutvaidianu Newbie

      THE PROBLEM: FORM based authentication is not working when the login form is submitted from a JSF/XHTML page, but it does when the form is submitted from a JSP page.


      DESCRIPTION: The security realm and domain are configured with a "Database" login module, the security contraint is defined in the web.xml of the project / WAR and the authentication method is set to FORM in web.xml. The login and error pages are set also in web.xml.


      We have two test cases:

           A.: The login page is a JSP page (bellow) -> the authantication is working fine


      <html><head><title>Login Page</title></head>



              <font size='5' color='blue'>Please Login</font><hr>


              <form action='j_security_check' method='post'>





                              <input type='text' name='j_username'>







                              <input type='password' name='j_password' size='8'>







                  <input type='submit' value='login'>






           B.: The login page is a JSF page (bellow) -> the authentication is not working, the browser gets redirected to the login page after each attempt and in the log I get the message: "authentication failed test()a".


           The template in the apge bellow is the template generated in a standard RichFaces project created with JB Tools in Eclipse. In any case, even with a XHTML page that does not have templates the behavior is the same.


      <!DOCTYPE html>

      <html lang="en">


      <ui:composition template="/WEB-INF/templates/desktop.xhtml" xmlns:ui="http://java.sun.com/jsf/facelets"

          xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:a4j="http://richfaces.org/a4j"

          xmlns:rich="http://richfaces.org/rich" xmlns:my="http://java.sun.com/jsf/composite/components">


          <ui:define name="content">

              <h:messages />

              <h:form id="loginForm" method="post" action="j_security_check">

                  <h:panelGrid id="panel" columns="2" border="0">

                      <f:facet name="header">

                          <h:outputText value="Login" />


                      <h:outputLabel value="User" />

                      <input type="text" name="j_username" size="25" />

                      <h:outputLabel value="Password" />

                      <input type="password" size="15" name="j_password" />

                      <f:facet name="footer">

                          <h:panelGroup style="display:block; text-align:center">

                              <input type="submit" value="Log In" />










      Is this a known limitation or some sort of bug?