Thursday, April 28, 2011

School Annual Day Compering Speech

As we all know security can be divided into 3 aspects:

Authentication: the user is actually who they say they are.

Authorization: you may do only what is permitted to do.
Data Security: the user to see data that you can actually see. Not all applications need all these aspects, such as a minor application of an intranet does not necessarily need data security. Let

attack authentication. With JSF we can authenticate our users in different ways.
  • One way is through the container, all web containers handled the concept of security and the ability to authenticate a user. Many applications only require authentication, so we can do at the container. This provides three ways: basic, form-based, and client certificate. An example of basic authentication by adding the following lines to web.xml:



authentication I brought with the basic concept of realm. A realm is an object that represents the users and their authentication. Realm is not a standard concept and is implemented differently in the containers. For example in Apache Tomcat is a simple xml file:


Another possible forms-based authentication is, this solution was created before the JSF and is not recommended if authentication should be integrated Application:



 / faces / login.jsp  
/ faces / loginError.jsp

Another possibility is to integrate the login to our application. We will investigate this option that is most used.
What we should do is an application which can not access any website without first log in, and if someone tries to access the page is redirected to the login page. At login the user can log in so they can perform their tasks.
The concept of servlet filter, implemented in version 2.3 of servlet and redefined in 2.4 allows to operate on a request before this is processed. This allows us to check if the user is logged when you access any site. Then we state our filter in the web.xml:

That Require the user log in page
Before Accessing Any Other Than the entry pages



*. jsp


And ForcedLoginFilter class is: package
import java.util. Arrays;
import java.util.Iterator;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpSession;

public class ForcedLoginFilter implements Filter {

private static final String LOGIN_JSP = "login.jsp";

public ForcedLoginFilter() {


private static boolean checkLoginState(ServletRequest request,

ServletResponse response) throws IOException, ServletException {

boolean isLoggedIn = false;

HttpSession session = ((HttpServletRequest) request).getSession(false);

UserBean managedUserBean = null;

// If there is a UserBean in the session, and it has

// the isLoggedIn property set to true.

if (null != session

&& (null != (managedUserBean = (UserBean) session

.getAttribute("UserBean")))) {

if (managedUserBean.isIsLoggedIn()) {

isLoggedIn = true;



return isLoggedIn;


public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

boolean isLoggedIn = checkLoginState(request, response);

if (isRedirect((HttpServletRequest) request) && !isLoggedIn) {

String loginURI = LOGIN_JSP;

RequestDispatcher requestDispatcher = request


// Force the login

requestDispatcher.forward(request, response);


} else {

try {

chain.doFilter(request, response);

} catch (Throwable t) {

// A production quality implementation will

// deal with this exception.




private boolean isRedirect(HttpServletRequest request) {

String requestURI = request.getRequestURI();

return (!requestURI.contains(LOGIN_JSP));



public void destroy() {

// TODO Auto-generated method stub

} @ Override public void init
(FilterConfig arg0) throws ServletException {
/ / TODO Auto-generated method stub


Classes are filters must implement the Filter interface. In this case what the filter is to verify that the user exists in the session and if the url is redirecting it, because if login redirect to go to an infinite loop is formed.

Userbar object is responsible for representing a user.

org.assembly.util package;
public class String {private


private String userPassword;

public UserBean(String userName, String userPassword) {

this.userName = userName;
 		this.userPassword = userPassword;


public boolean isIsLoggedIn() {

return true;


public String getUserName() {

return userName;


public void setUserName(String userName) {

this.userName = userName;


public String getUserPassword() {

return userPassword;


public void setUserPassword (String userPassword) {
this.userPassword = userPassword;

So now we create a login.jsp page that will be as follows

pageEncoding = " UTF-8 "%>


<%@ page language="java" contentType="text/html; charset=UTF-8"

<%@ taglib prefix="f" uri=""%>
Base <%@ taglib prefix="h" uri=""%> Taxpayers

< html>
< head>
< meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

< /head>
< body background="black">

action = "# {loginBean.validate}" />

And then we create the managed bean that will be like this:
< /body>

org.assembly.util.login package; < /html>
import javax.faces.context.FacesContext;
org.assembly.util.UserBean import;
public class

LoginBean {private String userName;

private String userPassword;
public String validate () {

/ / validate if the password and pass are correct.
/ / if an error return null;

Userbar Userbar = new user (userName, userPassword);

FacesContext.getCurrentInstance (). GetExternalContext (). GetSessionMap ()
. Put ("Userbar", user);

return "index";}

getUserName public String () {return userName
} public void

setUserName (String userName) {
this.userName = userName;}

getUserPassword public String () {
return userPassword;}

setUserPassword void (String userPassword) {
this.userPassword = userPassword;

Then we declare in the face-config.xml our bean and login url.




request ...

login / login.jsp

This was a little example in jsf login.


Post a Comment