2 Replies Latest reply on Jun 20, 2012 5:43 AM by ionutvaidianu

    FORM based auth not working with JSF/XHTML page

    ionutvaidianu Newbie

      THE PROBLEM: FORM based authentication is not working when the login form is submitted from a JSF/XHTML page, but it does when the form is submitted from a JSP page.

       

      DESCRIPTION: The security realm and domain are configured with a "Database" login module, the security contraint is defined in the web.xml of the project / WAR and the authentication method is set to FORM in web.xml. The login and error pages are set also in web.xml.

       

      We have two test cases:

           A.: The login page is a JSP page (bellow) -> the authantication is working fine

       

      <html><head><title>Login Page</title></head>

       

          <body>

              <font size='5' color='blue'>Please Login</font><hr>

       

              <form action='j_security_check' method='post'>

                  <table>

                       <tr>

                          <td>Name:</td>

                          <td>

                              <input type='text' name='j_username'>

                          </td>

                      </tr>

       

                      <tr>

                          <td>Password:</td>

                          <td>

                              <input type='password' name='j_password' size='8'>

                          </td>

                       </tr>

                  </table>

                 

                  <br>

                 

                  <input type='submit' value='login'>

              </form>

          </body>

      </html>

       

       

           B.: The login page is a JSF page (bellow) -> the authentication is not working, the browser gets redirected to the login page after each attempt and in the log I get the message: "authentication failed test()a".

       

           The template in the apge bellow is the template generated in a standard RichFaces project created with JB Tools in Eclipse. In any case, even with a XHTML page that does not have templates the behavior is the same.

       

      <!DOCTYPE html>

      <html lang="en">

       

      <ui:composition template="/WEB-INF/templates/desktop.xhtml" xmlns:ui="http://java.sun.com/jsf/facelets"

          xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:a4j="http://richfaces.org/a4j"

          xmlns:rich="http://richfaces.org/rich" xmlns:my="http://java.sun.com/jsf/composite/components">

         

          <ui:define name="content">

              <h:messages />

              <h:form id="loginForm" method="post" action="j_security_check">

                  <h:panelGrid id="panel" columns="2" border="0">

                      <f:facet name="header">

                          <h:outputText value="Login" />

                      </f:facet>

                      <h:outputLabel value="User" />

                      <input type="text" name="j_username" size="25" />

                      <h:outputLabel value="Password" />

                      <input type="password" size="15" name="j_password" />

                      <f:facet name="footer">

                          <h:panelGroup style="display:block; text-align:center">

                              <input type="submit" value="Log In" />

                          </h:panelGroup>

                      </f:facet>

                  </h:panelGrid>

              </h:form>

          </ui:define>

      </ui:composition>

       

      </html>

       

      Is this a known limitation or some sort of bug?