1 Reply Latest reply on Nov 27, 2014 7:11 AM by pcraveiro

Using a dialog instead of a page with HttpSecurityBuilder?

hootinholler Nov 24, 2014 1:15 PM

I'm new to Picketlink so I'm probably missing something basic. We're using 2.7.0 CR2

I have a JSF webapp that is using http form authentication which names a page as the login page containing the form and configured as:

	builder.http()
	.forPath("/logout")
	.logout()
	.redirectTo("/home.jsf")
	.forPath("/jetway/*").authenticateWith().form()
	.loginPage("/jetway/login.jsf")
	.errorPage("/jetway/error.jsf")
	.restoreOriginalRequest();

This is ok, except we now have a requirement to pop up a modal dialog to allow the user to login or redirect to the registration page.

The dialog contains an exact copy of the form contained in our login.jsf but the username and password in the DefaultLoginCredentials are null when our login method is invoked.

Substituting the page containing the form as the login page does not work. Ideally, we would put the form into our JSF template page.

Is there a way to authenticate via an AJAX call, or a way to specify a form ID.

1. Re: Using a dialog instead of a page with HttpSecurityBuilder?

pcraveiro Nov 27, 2014 7:11 AM (in response to hootinholler)

Hey Ted,

When using FORM authentication it is expected a page with a form and an action to "/j_security_check". In this case, there is no need to invoke a login method of a bean to authentication your user. PicketLink will extract both "j_username" and "j_password" from the request and automatically authenticate the user.

Now, if you are using AJAX, you may try to prepare a POST request to j_security_check passing the j_username and j_password as parameters. Or even try to use BASIC authentication.

Regards.
Pedro Igor
Actions