jsf authentication glassfish jaas

JAAS + JSF 2.0 + Glassfish


I'm not sure how to integrate those three.

What I have is a simple JSF login page, and I have also created a JDBCRealm. I have a simple data access layer which connects to the database using JDBC. I have restricted access to the pages other than login, which works quite fine.

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>JDBCRealm</realm-name>
        <form-login-config>
            <form-login-page>/index.jsf</form-login-page>
            <form-error-page>/xxx.jsf</form-error-page>
        </form-login-config>
    </login-config>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure Pages</web-resource-name>
            <url-pattern>/*</url-pattern>
            <!-- Listing http-method limits this constraint to GET and POST;
                 other HTTP methods are left unconstrained. -->
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Users</role-name>
        </auth-constraint>
    </security-constraint>

What should I do to actually make it work? I couldn't find a proper solution. Is it like this: do I need to validate whether the password and login are correct in my beans behind the login page? Or is it done automatically by Glassfish in this JDBCRealm? If so, how do I enable it or forward to it?

Thanks in advance.


Solution

  • In the page associated with <form-login-page> you need to create a form which looks at least like this, with exactly the URL j_security_check and input field names j_username and j_password:

    <form action="j_security_check" method="post">
        <input type="text" name="j_username" />
        <input type="password" name="j_password" />
        <input type="submit" />
    </form>
    

    The container will then intercept on it and handle it fully transparently.

    If you want to have all freedom to use JSF components instead, then you need to let it take the control over the login as well in a managed bean action method:

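    ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
    HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();

    try {
        // Programmatic login (Servlet 3.0): the container checks the credentials against the configured realm.
        request.login(username, password);
        return "home";
    } catch (ServletException e) {
        errorMessage = e.getMessage();
        return "error";
    }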
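
The programmatic login described above, written out as a complete managed bean with a matching logout. This is an added example, not code from the original answer: the bean name `LoginBean`, the message text and the `/index` logout outcome are assumptions, and it targets JSF 2.0 on a Servlet 3.0 container.

```java
import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical bean; bind the login fields to #{loginBean.username} and #{loginBean.password}.
@ManagedBean
@RequestScoped
public class LoginBean {
    private String username, password;

    public String login() {
        FacesContext context = FacesContext.getCurrentInstance();
        HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
        // Servlet 3.0 has no changeSessionId(), so drop any pre-login session
        // to keep an id issued before authentication from being reused after it.
        HttpSession old = request.getSession(false);
        if (old != null) { old.invalidate(); }
        try {
            // The container validates the credentials against the realm in <login-config>.
            request.login(username, password);
            return "home?faces-redirect=true";
        } catch (ServletException e) {
            // Same message for unknown user and wrong password; details stay out of the page.
            context.addMessage(null, new FacesMessage(
                    FacesMessage.SEVERITY_ERROR, "Invalid user name or password.", null));
            return null; // redisplay the login page
        } finally {
            password = null; // do not keep the credential on the bean
        }
    }

    public String logout() throws ServletException {
        ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
        ((HttpServletRequest) ec.getRequest()).logout(); // clears the authenticated principal
        ec.invalidateSession();                          // discards session-scoped state
        return "/index?faces-redirect=true";             // assumed outcome for the login page
    }

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```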