Thursday, February 21, 2008

Putting it all together

So, now that I have my LDAP server working (more or less), I need to use it to authenticate with. This turned out to be surprisingly easy with GlassFish. I created a new LDAP realm like this:

[Image: ldapConfig]

The "assign group" property was a bit confusing. Basically it is just a value that you map your application to in the web.xml and the sun-web.xml. This is an example of how it could be done using webusers as the value of the "assign group" property.

web.xml:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Faces Servlet</web-resource-name>
      <url-pattern>/pages/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>AUTHENTICATED</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>LdapRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/unprotected/loginError.jsf</form-error-page>
    </form-login-config>
  </login-config>


sun-web.xml:


  <security-role-mapping>
    <role-name>AUTHENTICATED</role-name>
    <group-name>webusers</group-name>
  </security-role-mapping>
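
The chain above only works if the realm's "assign group" value, the group-name in sun-web.xml and the role-name in web.xml all line up, so here is an added example (not code from the original post) that checks it over constructed copies of the two fragments. It also reports two properties of the constraint that are easy to miss: listing http-method elements leaves unlisted methods outside the constraint, and without a CONFIDENTIAL transport-guarantee the form's j_password is not forced onto HTTPS. The function names and finding texts are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's two descriptor fragments, wrapped in root elements.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/pages/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>AUTHENTICATED</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>AUTHENTICATED</role-name><group-name>webusers</group-name>
  </security-role-mapping>
</sun-web-app>"""


def nodes(node, name):
    """Descendants with this local tag name, ignoring any XML namespace."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]


def texts(node, name):
    return [(e.text or "").strip() for e in nodes(node, name)]


def audit(web_xml, sun_web_xml, assign_group):
    """Check the group -> role -> constraint chain and what each constraint covers."""
    web, sun = ET.fromstring(web_xml), ET.fromstring(sun_web_xml)
    groups_for = {}  # role name -> groups mapped to it in sun-web.xml
    for m in nodes(sun, "security-role-mapping"):
        for role in texts(m, "role-name"):
            groups_for.setdefault(role, set()).update(texts(m, "group-name"))
    findings = []
    for c in nodes(web, "security-constraint"):
        where = ",".join(texts(c, "url-pattern"))
        for auth in nodes(c, "auth-constraint"):
            for role in texts(auth, "role-name"):
                if assign_group not in groups_for.get(role, ()):
                    findings.append(f"{where}: role {role} not mapped to group {assign_group}")
        methods = texts(c, "http-method")
        if methods:  # listing methods leaves every unlisted method unconstrained
            findings.append(f"{where}: only {'/'.join(methods)} constrained")
        if "CONFIDENTIAL" not in texts(c, "transport-guarantee"):
            findings.append(f"{where}: no CONFIDENTIAL transport-guarantee")
    return findings
```

Calling audit(WEB_XML, SUN_WEB_XML, "webusers") returns the two coverage findings and no mapping finding, because webusers is mapped to AUTHENTICATED.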


The last bit of magic is the login form:


<form action="j_security_check" method="post">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td>
        <p>User ID<br/>
          <input type="text" name="j_username" value="" size="10"/>
        </p>
      </td>
    </tr>
    <tr>
      <td>
        <p>Password<br/>
          <input type="password" name="j_password" value="" size="10"/>
        </p>
      </td>
    </tr>
    <tr>
      <td style="padding-bottom: 10px;">
        <p>
          <input type="submit" value="Log In"/>
        </p>
      </td>
    </tr>
  </table>
</form>


And that is how you can authenticate. Now, if you remember, I'm using JSF to manage this, and that is clearly not a JSF form. So this is how I decided to make it work (and there are other options). It is not without problems, mind you: JSF makes a lot of things better, but in so doing it messes up a lot of old conventions.


I have decided to work on the assumption that users are going to navigate to my web site by saying http://www.my great web site.com. I have the welcome page in a "protected" area, so that by navigating to the welcome page you will get kicked out to the registration screen. If you are successful, then you get sent to the welcome page, which does a jsp:forward to the welcome page through a faces context. It is overly complicated, I think, but we have to make sure that the faces context is initialized correctly.
