The standard tutorials for J2EE 6 show the handling of user authentication as follows:
<form method="POST" action="j_security_check">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="right">Username: </td>
<td>
<input type="text" name="j_username">
</td>
</tr>
<tr>
<td align="right">Password: </td>
<td>
<input type="password" name="j_password">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" value="Login">
</td>
</tr>
</table>
</form>
The approach uses the special container function “j_security_check” with special fields “j_username” and “j_password”.
* Would this be possible to do in JSF 2.0 ?
* Are the j_username/j_password fields available after successful authentication? More precisely, how do I identify the user after they have authenticated?
Any simple, example code snippets would be much appreciated.
Yes. It’s after all just a bunch of HTML and the container is the one who’s doing the authentication, not JSF itself. An alternative is programmatic login by
HttpServletRequest#login(). This allows you to use a fullworthy JSF form with JSF based validation, ajax fanciness and all on em. See also this answer for a kickoff example: Does JSF support form based securityOnly the username is in JSF context available by
ExternalContext#getRemoteUser()and in views by#{request.remoteUser}. The password is not available for obvious security reasons.