[Solved] PrettyFaces & JAAS problem

Splash Forums PrettyFaces Users [Solved] PrettyFaces & JAAS problem

This topic contains 8 replies, has 2 voices, and was last updated by  Lincoln Baxter III 2 years, 1 month ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #26233

    Nasicus
    Participant

    Hi there

    I got a java web app with a form based JAAS (JDBC Realm authentication). This means when you access the website and are not logged in, you will get redirected to the login page (login.xhtml in my case) where you then can fill out a login form and log in. This works just fine.

    What I now want to do is to use prettyfaces for a programmatic login:

    <url-mapping id="home">
      <pattern value="/login/#{param1}/#{param2}" />
       <view-id value="/faces/index.xhtml" />
    </url-mapping>

    The rewriting works – I can access my website via sitename/login/foo/bar but when I want to get the parameters in the login.xhtml (or in the backing bean) they are both null. I guess this happens because there is another redirection to login.xhtml (which is done by the container I guess).
    Strange enough if I add the parameters with the query-style i.e. sitename?param1=foo&m2=bar they are both there and I can use them.
    Also once I have logged in and call the same url (sitename/login/foo/bar) again I can access the parameters – so the mapping is correct.

    What am I doing wrong? Is there anyway to fix this?

    I’m using Wildfly 8 and prettyfaces 2.0.12.Final.

    edit:
    It won’t help if I change the mapping like this:

    <url-mapping id="home">
      <pattern value="/login/#{param1}/#{param2}" />
       <view-id value="/faces/login.xhtml" />
    </url-mapping>

    Even then there are no parameters available.

    • This topic was modified 2 years, 2 months ago by  Nasicus.
    • This topic was modified 2 years, 2 months ago by  Nasicus.
    • This topic was modified 2 years, 2 months ago by  Nasicus.
    • This topic was modified 2 years, 2 months ago by  Nasicus.
    • This topic was modified 2 years, 2 months ago by  Nasicus.
    • This topic was modified 2 years, 1 month ago by  Nasicus.
    #26249

    Nasicus
    Participant

    Hi sorry for the double post.

    But I just wanted to ask:
    Is my question unclear? Do you need more information?
    Or does simply nobody know anything about this issue?

    Regards

    #26256

    Are you using request.getParameter() and/or request.getParameterMap() ? Either of these methods should return your parameters just fine. The internal forwards do not include query-parameters. The values are added directly to the request map.

    #26257

    PS. Sorry for the wait!!! Apologies for taking so long to answer.

    #26267

    Nasicus
    Participant

    Hey Lincoln – no problem 🙂

    I’m getting the parameters via:

    facesContext.getExternalContext().getRequestParameterMap();

    but I just tried it with ((HttpServletRequest) facesContext.getExternalContext().getRequest()).getParameter("foo") and the param is also null then.

    Maybe the rest of my code does help to find the mistake.

    In the login.xhtml I’m calling the bean like this:

    
    <html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:p="http://primefaces.org/ui">
    	<f:metadata>
    	  	<f:event type="preRenderView" listener="#{loginController.tryLoginWithRequestParams}" />
    	</f:metadata>
    ....
    

    And this is the bean:

    
    @Model
    public class LoginController {
    
    	@Inject
    	private FacesContext facesContext;
    
    	public void tryLoginWithRequestParams(ComponentSystemEvent event) throws IOException {
    		Map<String, String> params = facesContext.getExternalContext().getRequestParameterMap();
                    ..........
            }
    }
    

    `

    What I wonder is if prettyfaces even comes BEFORE the JAAS login redirection – I realized that when you’re not logged in you can type what ever you want in the URL and you will always get to the login page – so maybe prettyfaces does not even get the chance to do something? Or maybe prettyfaces puts something in the requestmap and jaas just overrides it? (Aka i am too late in reading it out – maybe my bean is “wrong”?)

    • This reply was modified 2 years, 2 months ago by  Nasicus.
    • This reply was modified 2 years, 2 months ago by  Nasicus.
    • This reply was modified 2 years, 2 months ago by  Nasicus.
    • This reply was modified 2 years, 2 months ago by  Nasicus.
    • This reply was modified 2 years, 2 months ago by  Nasicus.
    • This reply was modified 2 years, 2 months ago by  Nasicus.
    #26277

    It’s possible that you need to play with the ordering of the PrettyFaces and JAAS servlet filters (I’m not sure if JAAS even participates in the filter lifecycle, so that’s a good question and something worth finding out.. it’s possible that PrettyFaces is literally not given a chance to intercept this, but I’d hope that it is.)

    #26288

    Nasicus
    Participant

    Sorry but I have no idea how to do what you said – can you give me an example ? 🙂

    I did some further research (tried to create a workaround):

    Even if I add a file to the unprotected area:

    
    ....
    		<web-resource-collection>
    			<web-resource-name>Unprotected Area</web-resource-name>
    			<url-pattern>/resources/*</url-pattern>
    			<url-pattern>/javax.faces.resource/*</url-pattern>
    			<url-pattern>/unprotected.xhtml</url-pattern>
    		</web-resource-collection>
    	</security-constraint>
    .... 

    and define a pretty-faces rule for this:

    
    	<url-mapping id="login">
    		<pattern value="/login/#{login}/#{pass}" />
    		<view-id value="/unprotected.xhtml" />
    	</url-mapping>
    

    It won’t work! So this means prettyfaces will work only if a successful login was done (user is logged in) and not before…

    #26295

    Nasicus
    Participant

    Yeah! I found a solution. It’s pretty simple.

    Let’s say you have the following prettyface mappings which you want to work BEFORE you have authenticated with JAAS:

    
    	<url-mapping id="login">
    		<pattern value="/login/#{login}/#{pass}" />
    		<view-id value="/login.xhtml" />
    	</url-mapping>
    
    	<url-mapping id="loginError">
    		<pattern value="/loginerror" />
    		<view-id value="/login.xhtml?HasError=true" />
    	</url-mapping>
    

    To make this work you just add it to the unprotected area:

    
    ....
    	<security-constraint>
    		<web-resource-collection>
    			<web-resource-name>Unprotected Area</web-resource-name>
    			<url-pattern>/resources/*</url-pattern>
    			<url-pattern>/javax.faces.resource/*</url-pattern>
    			<url-pattern>/login/*</url-pattern>
                            <url-pattern>/loginerror</url-pattern>
    		</web-resource-collection>
    	</security-constraint>
    .... 

    Note that if you have parameters (as I have in the first rule) you have to add “/*” to the url pattern and if it’s just a prettyurl without paramters, you don’t have too 🙂

    #26299

    Very good! Thank you for posting your solution! This is great knowledge for anyone else who runs into this situation.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

Comments are closed.