Login with JAAS + Tomcat

I followed the JAAS configuration procedures in my JSF project. When I try to access it, it shows the message that the user and password do not match, but I have already created the user table.

context.xml:

<Context path="/FastChoice">
    <!-- JDBCRealm reads credentials from usuario and roles from permissao_usuario;
         the role table must also contain the nome_usuario column. -->
    <Realm className="org.apache.catalina.realm.JDBCRealm"
         driverName="com.mysql.jdbc.Driver"
         connectionURL="jdbc:mysql://localhost:3306/fastchoice"
         connectionName="root" connectionPassword="admin"
         userTable="usuario" userNameCol="nome_usuario"
         userCredCol="senha" userRoleTable="permissao_usuario"
         roleNameCol="nome_permissao"/>
</Context>

Security class with the login method

import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

// FacesUtil is the project's own helper class (not shown in the question).
public class SegurancaBean {

    private String usuario;
    private String senha;

    // Programmatic login: hands the credentials to the container realm.
    public String logar() {
        try {
            this.getRequest().login(this.usuario, this.senha);
            return "Home?faces-redirect=true";
        } catch (ServletException e) {
            // Thrown when the realm rejects the credentials.
            FacesUtil.adicionarMensagem(FacesMessage.SEVERITY_ERROR,
                    FacesUtil.getMensagemI18n("username_password_does_not_match"));
            return null;
        }
    }

    // Clears the authenticated principal from the request.
    public String sair() throws ServletException {
        this.getRequest().logout();
        return "Login?faces-redirect=true";
    }

    private HttpServletRequest getRequest() {
        FacesContext context = FacesContext.getCurrentInstance();
        return (HttpServletRequest) context.getExternalContext().getRequest();
    }

    public String getUsuario() {
        return usuario;
    }

    public void setUsuario(String usuario) {
        this.usuario = usuario;
    }

    public String getSenha() {
        return senha;
    }

    public void setSenha(String senha) {
        this.senha = senha;
    }
}

Login.xhtml

<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:f="http://java.sun.com/jsf/core">
<h:head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>#{msg.login}</title>

    <h:outputStylesheet library="css" name="sistema.css"/>
</h:head>
<h:body>
    <div id="content">
        <div style="width: 240px; margin-left: auto; margin-right: auto; margin-top: 150px">
            <h1>#{msg.login}</h1>

            <h:form id="frm">

                <h:messages showDetail="false" showSummary="true" 
                    styleClass="form-messages" errorClass="error"/>

                <h:panelGrid columns="2" styleClass="form-grid" style="padding: 10px"
                        columnClasses="label, campo" id="panel">

                    <h:outputLabel value="#{msg.username}"/>
                    <h:inputText value="#{segurancaBean.usuario}" size="20"/>

                    <h:outputLabel value="#{msg.password}"/>
                    <h:inputSecret value="#{segurancaBean.senha}" size="20"/>

                    <h:panelGroup/>
                    <h:commandButton value="#{msg.login}" action="#{segurancaBean.logar}"/>
                </h:panelGrid>
            </h:form>
        </div>
    </div>
</h:body>
</html>

  • The approach I use is to create my own Realm class using JPA. Anyway, I suggest an approach where you test JAAS first with a simple Servlet and only then integrate with Faces.

  • Okay, I’ll look for articles on JPA, because I’ve never used it.

  • David Filipe, I believe the answer here may help in understanding your question.

1 answer

Now, in practice keep in mind that in Java EE, containers are responsible for providing application security. A container basically provides two types of security: declarative and programmatic.

Personally, I prefer to implement security using the declarative security type because the deployment descriptor information (web.xml; jboss-web.xml; standalone.xml; domain.xml) is contained/defined in an external file, so it can be changed without the need to modify the source code. This is a benefit and reduces maintenance and refactoring of source code.

To understand the type of declarative security using

Security type: declarative. Source: [Michal Cmil et al - 2014, 309 p.]

And consider the following:

The login form must contain fields to enter a username and password. These fields must be named j_username and j_password, respectively. The authentication form must post these values to the logical name j_security_check.

All of these names starting with j_ are standardized by the Java Servlet specification - we just need to follow the convention to allow automatic mechanisms to work. [Michal Cmil et al - 2014, 310 p.]

I believe that, in your case, you should change your form as follows:

<h:form id="frm" method="post" action="j_security_check" >
    <h:messages showDetail="false" showSummary="true" 
        styleClass="form-messages" errorClass="error" />

    <h:panelGrid columns="2" styleClass="form-grid" style="padding: 10px"
            columnClasses="label, campo" id="panel">

        <h:outputLabel value="#{msg.username}"/>
        <h:inputText name="j_username" value="#{segurancaBean.usuario}" size="20"/>

        <h:outputLabel value="#{msg.password}"/>
        <h:inputSecret name="j_password" value="#{segurancaBean.senha}" size="20"/>

        <h:panelGroup/>
        <h:commandButton value="#{msg.login}" />
    </h:panelGrid>
</h:form>

I hope I’ve helped.


References:
[Juneau, Josh - 2013], Apress, 2013, Java EE 7 Recipes: A Problem-Solution Approach - Proven Solutions for Java Enterprise Edition 7 Development
[Gonçalves, Antonio - 2013], Apress, 2013, Beginning Java EE 7 (Expert Voice in Java)
[JSR 196 - JASPIC], JSR 196 - JASPIC: Java™ Authentication Service Provider Interface for Containers
[Anjana Mankale - 2013], Packt Publishing, 2013, Spring Security 3.x Cookbook: Over 60 recipes to help you successfully safeguard your web applications with Spring Security
[Michal Cmil et al - 2014], Packt Publishing, 2014, Java EE 7 Development with WildFly: Leverage the power of the WildFly application server from JBoss to develop modern Java EE 7 applications
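
Added example, not part of the original answer or the asker's project: the container-managed FORM login that the answer describes, shown as the web.xml declarations plus a login form that really submits j_username and j_password to j_security_check. The /Home.xhtml URL pattern, the ADMIN role name, the LoginError.xhtml page and the presence of an HTTPS connector are assumptions.

```xml
<!-- WEB-INF/web.xml (fragment): declarative security enforced by the container.
     URL pattern, role name and error page are assumptions for this example. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected pages</web-resource-name>
        <url-pattern>/Home.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <!-- Must equal a value the realm returns from
             permissao_usuario.nome_permissao for the logged-in user. -->
        <role-name>ADMIN</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- Forces the protected pages and the login exchange onto TLS;
             assumes an HTTPS connector is configured in Tomcat. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/Login.xhtml</form-login-page>
        <form-error-page>/LoginError.xhtml</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>ADMIN</role-name>
</security-role>

<!-- Login.xhtml (body fragment): a plain HTML form. h:form always posts back
     to the JSF view and h:inputText renders its client id (e.g. frm:...) as
     the field name, so with JSF tags the container would never receive
     j_username / j_password. -->
<form method="post" action="j_security_check">
    <label for="j_username">#{msg.username}</label>
    <input type="text" id="j_username" name="j_username" size="20"
           autocomplete="username"/>

    <label for="j_password">#{msg.password}</label>
    <input type="password" id="j_password" name="j_password" size="20"
           autocomplete="current-password"/>

    <input type="submit" value="#{msg.login}"/>
</form>
```

With this setup the login page is reached by requesting a protected URL: Tomcat displays Login.xhtml, checks the posted credentials against the configured Realm, and on success returns the user to the page originally requested.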
