Tuesday, 28 July 2015

JEE security/programmatic login: How does one make the authentication "stick" in the session?

Consider this code block:

    HttpServletRequest request = Faces.getRequest();       // OmniFaces helper
    if (request.getRemoteUser() == null) {
        try {
            request.login(userName, password);             // Servlet 3.0 programmatic login
            request.getSession().invalidate();             // drop the current session ...
            request.getSession(true);                      // ... and start a fresh one
        } catch (Exception e) {
            log.info("login() failed with exception", e);
            Messages.addWarn(null, "Authentication Failed"); // OmniFaces message helper
            return;
        }
    } else {
        log.debug("login() user is already authenticated");
    }

Let's say your authentication is successful. If the user refreshes the page and goes through this method again, the log.debug("login() user is already authenticated"); line is not reached.

We want to log the user in programmatically and then have that user be associated with the session (like how Spring and Shiro work). How do you do this?

Our web.xml:

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>SomeRealm</realm-name>
</login-config>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Everything</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
</security-constraint>
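As an added example (not code from the original post), here is the same flow written as a plain servlet with the session handling reordered: the session is invalidated and recreated before request.login(), not after, because containers such as Tomcat cache the authenticated Principal on the HttpSession and an invalidate() that follows login() discards it. The servlet class, its URL and the request parameter names are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet illustrating session handling around programmatic login.
@WebServlet("/login")
public class ProgrammaticLoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Already authenticated on this session: request.login() would throw
        // ServletException for an established caller identity, so just move on.
        if (request.getUserPrincipal() != null) {
            response.sendRedirect(request.getContextPath() + "/");
            return;
        }
        String userName = request.getParameter("username");  // assumed form field names
        String password = request.getParameter("password");

        // 1. Rotate the session BEFORE authenticating. Discarding the pre-auth
        //    session id prevents session fixation, and the fresh session is the
        //    one the container will attach the Principal to.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        request.getSession(true);

        // 2. Authenticate. The container registers the Principal on the current
        //    session; invalidating the session after this point (the order in the
        //    original snippet) throws that registration away.
        try {
            request.login(userName, password);
        } catch (ServletException e) {
            log("login() failed", e);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed");
            return;
        }
        response.sendRedirect(request.getContextPath() + "/");
    }
}
```

Note that the web.xml shown above has no <auth-constraint> inside the /* security-constraint, so that constraint does not actually require authentication for any resource; the programmatic login is then the only thing establishing a caller identity.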
