Hi,
this is my first post and I am quite new to JBoss/J2EE... Here is my issue :)

I use form-based authentication in my JSF portal. The authentication is sent to a self-developed login module which then calls a FoxPro web service and gets back different messages depending on whether the password is OK, expired, or wrong and has X number of retries. For each message a different exception is thrown by the login module, which is then processed by the JSP pages in the front-end JSF GUI. E.g. if the password is expired, a PassWordExpired exception is thrown by the login module and the logon_error.jsp page (with form-based authentication) then redirects to the passwordchange.jsp page. The change of the password works fine, but these pages are not secured by the form-based authentication. That's why everybody has to enter all credentials (userid, password old, password new x 2) on this password change page.

After the password has been changed successfully, the user is redirected to a message JSP page showing that everything went OK while changing the password. Then, after pressing a button on this page, the user should be redirected to the start page (which is the page that appears after the user has logged in successfully). I found a method on the web (see below) which tries to get the start page and enters the necessary credentials on the j_security_check page, which the method knows will come. The method was originally created just to get the content of this page, which works fine, BUT my intention is that the method logs in (via the HttpClient class) and the browser recognizes that it is already logged in. And I am afraid this does not happen. So the HttpClient is logged in but the browser is not.

So no matter what I do (redirecting directly to the start page then shows the login page; redirecting to the index page, which then redirects to the start page, shows the start page with URL index.faces - I can then enter my search values but get redirected to the login page after pressing the submit button), everything redirects at some point to the login page... Does somebody have any idea how to solve the problem, or how to solve the problem in a different way? I really appreciate any help from you.

Here are the pieces of my code:
- the method:
public void getWebPage(String baseServer, String url, String webApp, String tempUserID, String tempPWD) {

    //Set Cookie Policy to be generically compatible.
    String url2 = baseServer + url;
    HttpClient client = new HttpClient();
    client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);

    //Get Method: Request secure page and get redirected to login page
    GetMethod authget = new GetMethod(url2);
    try {
        client.executeMethod(authget);
        InputStream responseBody = authget.getResponseBodyAsStream();
    } catch (HttpException httpe) {
        _log.error(httpe.getMessage(), httpe);
    } catch (IOException ioe) {
        _log.error(ioe.getMessage(), ioe);
    }

    NameValuePair[] data = new NameValuePair[2];
    data[0] = new NameValuePair("j_username", tempUserID);
    data[1] = new NameValuePair("j_password", tempPWD);

    //Post Method: logs into url
    String testURL = (baseServer + webApp + "j_security_check");
    PostMethod authpost = new PostMethod((baseServer + webApp + "j_security_check"));
    authpost.setRequestBody(data);

    // commented because causes an exception
    //authpost.setRequestHeader(authget.getRequestHeader("Cookie"));
    authpost.setRequestHeader(authget.getRequestHeader("Host"));
    authpost.setRequestHeader(authget.getRequestHeader("User-Agent"));

    try {
        // commented as setFollowsRedirect has no effect
        // no matter if you say true or false
        // info [HttpMethodBase] Redirect requested but followRedirects is disabled appears
        //authpost.setFollowRedirects(true);
        client.executeMethod(authpost);
        //authpost.setFollowRedirects(false);

    } catch (HttpException httpe) {
        System.err.println(httpe.getMessage());
        httpe.printStackTrace();
    } catch (IOException ioe) {
        System.err.println(ioe.getMessage());
        ioe.printStackTrace();
    }

    authget.setRequestHeader(authpost.getRequestHeader("Cookie"));
    authget.setRequestHeader(authpost.getRequestHeader("Host"));
    authget.setRequestHeader(authpost.getRequestHeader("User-Agent"));

    authpost.releaseConnection();
    authget.releaseConnection();
}
- the entry in the faces-config.xml
<navigation-rule>
    <from-view-id>/*</from-view-id>
    <navigation-case>
        <from-outcome>GermanMoverStartPageRedirect</from-outcome>
        <to-view-id>/germanmoverstartpage.jsp</to-view-id>
        <redirect/>
    </navigation-case>
</navigation-rule>
- the method called on the "password successful changed" page when pressing the "redirect to start page" button
public String goGermanMoverIndex() {
    user = gmPasswordUserIDValue.getSubmittedValue().toString();
    String tempPassword = gmPasswordNew1Value.getSubmittedValue().toString();
    getWebPage("https://WebServer", "/startpage.faces", "/", user, tempPassword);
    return "GermanMoverStartPageRedirect";
}
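An added example, not part of the original post: a self-contained Java 11+ sketch of the situation described above, in which the authenticated state is tied to the JSESSIONID cookie held by whichever HTTP client sent the j_security_check request. The in-process server, the class name SessionBindingDemo and the user demo-user are constructed for illustration; it uses the JDK's own HTTP client and server, not JBoss or Commons HttpClient.

```java
import com.sun.net.httpserver.*;
import java.io.IOException;
import java.net.*;
import java.net.http.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class SessionBindingDemo {
    // Constructed stand-in for the container's session table: JSESSIONID -> user ("" = anonymous).
    static final Map<String, String> SESSIONS = new ConcurrentHashMap<>();

    static void handle(HttpExchange ex) throws IOException {
        String cookie = ex.getRequestHeaders().getFirst("Cookie");
        String sid = cookie != null && cookie.startsWith("JSESSIONID=") ? cookie.substring(11) : null;
        if (sid == null || !SESSIONS.containsKey(sid)) {   // unknown agent: issue a fresh anonymous session
            sid = UUID.randomUUID().toString();
            SESSIONS.put(sid, "");
            ex.getResponseHeaders().add("Set-Cookie", "JSESSIONID=" + sid + "; Path=/");
        }
        // Simplification: any request to this path logs the session in; a real container
        // checks the posted j_username / j_password through the login module first.
        if (ex.getRequestURI().getPath().equals("/j_security_check")) SESSIONS.put(sid, "demo-user");
        byte[] body = (SESSIONS.get(sid).isEmpty() ? "login page" : "start page").getBytes();
        ex.sendResponseHeaders(200, body.length);
        ex.getResponseBody().write(body);
        ex.close();
    }

    static String get(HttpClient agent, String url) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(url)).build();
        return agent.send(req, HttpResponse.BodyHandlers.ofString()).body();
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", SessionBindingDemo::handle);
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();
        // Two independent cookie jars: the user's browser and the HttpClient created inside the web app.
        HttpClient browser = HttpClient.newBuilder().cookieHandler(new CookieManager()).build();
        HttpClient serverSide = HttpClient.newBuilder().cookieHandler(new CookieManager()).build();
        get(browser, base + "/startpage.faces");        // browser receives its own anonymous session
        get(serverSide, base + "/j_security_check");    // login is recorded against the other session
        System.out.println("server-side client sees: " + get(serverSide, base + "/startpage.faces"));
        System.out.println("browser sees:            " + get(browser, base + "/startpage.faces"));
        server.stop(0);
    }
}
```

The server-side client is served the start page while the browser agent is still served the login page, because the login was recorded against a session cookie the browser never received.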