Form authentication method using JSF 2.2 Glassfish 4.1 failing

I am having a real problem with this way of doing things. I usually don't post issues here unless I have completely exhausted my resources (Internet searches and peer help).

I am trying to run a demo application that provides form validation using the j_security_check action.

I believe everything is configured correctly for this method.

The main warning I'm getting is:

Warning:   Unable to find component with ID j_username in view.
Warning:   Unable to find component with ID j_password in view.
Severe:   jdbcrealm.grouperror
Warning:   WEB9102: Web Login Failed:   com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception

      

My index.xhtml page redirects the login page if an unauthorized submission occurs.
I know my beliefs are correct when I created them.

I know this is absolutely not the best method for authentication, but I was asked to do this and was frustrated for too many hours.

there is some link

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>jdbcRealm</realm-name>
    <form-login-config>
        <form-login-page>/faces/login.xhtml</form-login-page>
        <form-error-page>/faces/loginError.xhtml</form-error-page>
    </form-login-config>
</login-config>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin user</web-resource-name>
        <url-pattern>/faces/admin/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMIN</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>User</web-resource-name>
        <description/>
        <url-pattern>/faces/users/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMIN</role-name>
        <role-name>USER</role-name>
    </auth-constraint>
</security-constraint>
<welcome-file-list>
    <welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
</web-app>

      

glassfish-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
<class-loader delegate="true"/>
<jsp-config>
    <property name="keepgenerated" value="true">
        <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
    <security-role-mapping>
        <role-name>ADMIN</role-name>
        <group-name>ADMIN</group-name>
    </security-role-mapping>
    <security-role-mapping>
        <role-name>USER</role-name>
        <group-name>USER</group-name>
    </security-role-mapping>
</jsp-config>
</glassfish-web-app>

      

login.xhtml

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
  xmlns:h="http://xmlns.jcp.org/jsf/html">
<h:head>
    <title>Facelet Title</title>
</h:head>
<h:body>
    <p>Login to access secure pages:</p>
    <form method="POST" action="j_security_check">
        <h:panelGroup>
        <h:panelGrid columns="2">
            <h:outputLabel for="j_username" value="Username" />
            <input type="text" name="j_username" />

            <h:outputLabel for="j_password" value="Password" />
            <input type="password" name="j_password" />

            <h:outputText value="" />
            <h:panelGrid columns="2">
                <input type="submit" name="submit" value="Login" />
                <h:button outcome="index.xhtml" value="Cancel" />
            </h:panelGrid>
        </h:panelGrid>
        </h:panelGroup>
    </form>
</h:body>
</html>

      

glassfish-resources.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE resources PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Resource Definitions//EN" "http://glassfish.org/dtds/glassfish-resources_1_5.dtd">
<resources>
 <jdbc-resource enabled="true" jndi-name="jdbc/jdbcRealm" object-type="user" pool-name="RealmConnectionPool">
<description/>
</jdbc-resource>
<jdbc-connection-pool allow-non-component-callers="false" associate-with-thread="false" connection-creation-retry-attempts="0" connection-creation-retry-interval-in-seconds="10" connection-leak-reclaim="false" connection-leak-timeout-in-seconds="0" connection-validation-method="auto-commit" datasource-classname="com.mysql.jdbc.jdbc2.optional.MysqlDataSource" fail-all-connections="false" idle-timeout-in-seconds="300" is-connection-validation-required="false" is-isolation-level-guaranteed="true" lazy-connection-association="false" lazy-connection-enlistment="false" match-connections="false" max-connection-usage-count="0" max-pool-size="32" max-wait-time-in-millis="60000" name="RealmConnectionPool" non-transactional-connections="false" pool-resize-quantity="2" res-type="javax.sql.DataSource" statement-timeout-in-seconds="-1" steady-pool-size="8" validate-atmost-once-period-in-seconds="0" wrap-jdbc-objects="false">
<property name="URL" value="jdbc:mysql://localhost:3306/jdbcrealmdemo?zeroDateTimeBehavior=convertToNull"/>
<property name="User" value="root"/>
<property name="Password" value=""/>
</jdbc-connection-pool>
</resources>

      

Thanks for any help. Please, I need this way of form authentication to work; I would rather be programming it, but my hands are tied at the moment.


+3




3 answers


It seems the problem was

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
   <class-loader delegate="true"/>
   <jsp-config>
       <property name="keepgenerated" value="true">
           <description>Keep a copy of the generated servlet class' java code.</description>
       </property>
       <security-role-mapping>
           <role-name>ADMIN</role-name>
           <group-name>ADMIN</group-name>
       </security-role-mapping>
       <security-role-mapping>
           <role-name>USER</role-name>
           <group-name>USER</group-name>
       </security-role-mapping>
   </jsp-config>
</glassfish-web-app>

      

Should be like



<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
    <class-loader delegate="true"/>
    <jsp-config>
        <property name="keepgenerated" value="true">
            <description>Keep a copy of the generated servlet class' java code.</description>
        </property>
    </jsp-config>
    <security-role-mapping>
        <role-name>ADMIN</role-name>
        <group-name>ADMIN</group-name>
    </security-role-mapping>
    <security-role-mapping>
         <role-name>USER</role-name>
         <group-name>USER</group-name>
    </security-role-mapping>
</glassfish-web-app>

      

I had <security-role-mapping> nested in <jsp-config>, so there were essentially no roles for the application, which caused HTTP 403 errors.

I hope this helps others in the future with similar problems.

0
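
The nesting mistake described in the answer above can be caught before deployment. The following check is an added example, not code from the original posts; it assumes, per that answer, that only <security-role-mapping> elements placed directly under <glassfish-web-app> take effect, and its function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip the XML namespace so web.xml's javaee namespace does not matter."""
    return tag.rsplit("}", 1)[-1]

def constrained_roles(web_xml):
    """Roles named in any <auth-constraint> of web.xml."""
    root = ET.fromstring(web_xml)
    return {r.text.strip()
            for ac in root.iter() if local(ac.tag) == "auth-constraint"
            for r in ac if local(r.tag) == "role-name" and r.text}

def check_role_mappings(web_xml, glassfish_web_xml):
    """Return (roles with no effective mapping, roles mapped in the wrong place)."""
    root = ET.fromstring(glassfish_web_xml)

    def roles_in(elems):
        return {m.findtext("role-name", "").strip() for m in elems}

    # Direct children of <glassfish-web-app> only (assumed to be the effective ones).
    effective = roles_in(root.findall("security-role-mapping"))
    # Mappings found anywhere else in the tree, e.g. inside <jsp-config>.
    misplaced = roles_in(root.findall(".//security-role-mapping")) - effective
    unmapped = constrained_roles(web_xml) - effective
    return sorted(unmapped), sorted(misplaced)

# Constructed samples, reduced from the descriptors shown on this page.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <auth-constraint><role-name>ADMIN</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <auth-constraint><role-name>ADMIN</role-name><role-name>USER</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
MAPPINGS = ("<security-role-mapping><role-name>ADMIN</role-name>"
            "<group-name>ADMIN</group-name></security-role-mapping>"
            "<security-role-mapping><role-name>USER</role-name>"
            "<group-name>USER</group-name></security-role-mapping>")
BROKEN = f"<glassfish-web-app><jsp-config>{MAPPINGS}</jsp-config></glassfish-web-app>"
FIXED = f"<glassfish-web-app><jsp-config/>{MAPPINGS}</glassfish-web-app>"

if __name__ == "__main__":
    print("broken:", check_role_mappings(WEB_XML, BROKEN))
    print("fixed: ", check_role_mappings(WEB_XML, FIXED))
```

A non-empty first list means a role that web.xml constrains has no group behind it, so every authenticated user is denied on those URL patterns; a non-empty second list points at the misplaced mapping that caused it.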




From what you posted, it looks like the problem is from your jdbcRealm. You need to make sure your tables are set up correctly. See the answer in this post, which discusses table settings for real-time authentication: GlassFish JDBC Realm Group Membership



0




See ticket GLASSFISH-18901 at JIRA. I also had this problem and managed to fix the code that was unsuccessful (incorrect results from the security rule check). Subsequent redirects to the landing page also fail, which is the focus of the above ticket.

I should note that the ticket above is for version 3.1.2 and the fix for the problem was originally targeted for version 4.0.1 (which doesn't seem to be released).

The ticket is now flagged for "future release", which likely means it won't be fixed anytime soon.

The patch I wrote to fix the authentication process is probably not valid for the 4.1 codebase as I believe they rewrote the whole process (leaving the bug where it appears).

0

