JSF authentication and authorization

java authentication jsf authorization jaas
Zecrates picture Zecrates · Jul 27, 2009 · Viewed 21.6k times · Source

What is the best way to go about implementing authentication and authorization for a JSF web application? Preferrably I'd still want to use container-based security, as I need to call EJBs that require the principal.

I realize form-based authentication is a major struggle with JSF, but can I perhaps use a PhaseListener or something similar together with programmatic logon to authenticate the user?

Any other methods I should rather have a look at?

Answer

Tiger picture Tiger · Jul 27, 2009

Try to check out the blog for using JAAS with JSF. This is the example of how to deploy the JAAS with JSF for authentication and authorization.

I hope it helps.

Tiger

Related questions

Programmatically add roles after authentication

I have the following JSF 2.1 login form, running in Glassfish 3.1 <h:form id="loginForm"> <h:panelGrid columns="2" cellspacing="5"> <h:outputText value="Username" /> <h:inputText value="#{loginHandler.username}" /> <h:outputText value="Password:" /&…

Read More
Best practice for REST token-based authentication with JAX-RS and Jersey

I'm looking for a way to enable token-based authentication in Jersey. I am trying not to use any particular framework. Is that possible? My plan is: A user signs up for my web service, my web service generates a token, …

Read More
How to manually set an authenticated user in Spring Security / SpringMVC

After a new user submits a 'New account' form, I want to manually log that user in so they don't have to login on the subsequent page. The normal form login page going through the spring security interceptor works just …

Read More