Form based authentication in JSF

Not directly... But it is quite possible. It's not even technically a work-around, it's just not immediately obvious on how to do it.

What you basically want to create is a validation method that will check all the appropriate fields on your form.

There's basically two ways to do full form authentication. The first is to use the "validator" attribute on the last component on your form. It has to be the last one! The reason is that the rest of the fields will get validated and updated from the top down. Then, on your last component, you can refer the validator attribute to the method that checks all your form data.

The second method of doing this, which is the one I prefer, is to create a hidden field after all other input components on the page. Again, this has to be the last component in the form on your page (except for buttons or links). Set the hidden fields validator attribute to the method that checks the form. You hidden field should look like this:

<h:inputHidden id="whatever" value="required" validator="#{backingBean.method}" required="true" />

There's security reasons (apparently) for setting the field value and making the field required.

This is a FAQ. Try searching the forums for more information.

CowKing

IamCowKinga at 2007-7-16 21:10:08 >

I'm using form based authentication in a JSF app. The simplest way is to leave the login and login_error pages outside of the jsf scope.. of course you will lose some functionality, but IMO it could be accepted for those two pages only.

I don't know if it works for all servlet containers, but using client-side state saving my JSF app is also session timeout tollerant (the components tree state is restored even after a timeout->login->return to page).

Cosmaa at 2007-7-16 21:10:08 >