Thursday, April 28, 2011

School Annual Day Compering Speech



As we all know security can be divided into 3 aspects:


Authentication: the user is actually who they say they are.

Authorization: you may do only what is permitted to do.
Data Security: the user to see data that you can actually see.
Not all applications need all these aspects, such as a minor application of an intranet does not necessarily need data security. Let

attack authentication. With JSF we can authenticate our users in different ways.
  • One way is through the container, all web containers handled the concept of security and the ability to authenticate a user. Many applications only require authentication, so we can do at the container. This provides three ways: basic, form-based, and client certificate. An example of basic authentication by adding the following lines to web.xml: 







  BASIC 
  
  UserDatabase 
  
  
  
   
  authentication I brought with the basic concept of realm. A realm is an object that represents the users and their authentication. Realm is not a standard concept and is implemented differently in the containers. For example in Apache Tomcat is a simple xml file:  
  
  
  
 




 
  
  
  
  
  
  
 Another possible forms-based authentication is, this solution was created before the JSF and is not recommended if authentication should be integrated Application:  
  
  
 FORM
UserDatabase 



 / faces / login.jsp  
  / faces / loginError.jsp  
   
  
   Another possibility is to integrate the login to our application. We will investigate this option that is most used. 
  What we should do is an application which can not access any website without first log in, and if someone tries to access the page is redirected to the login page. At login the user can log in so they can perform their tasks.  
 The concept of servlet filter, implemented in version 2.3 of servlet and redefined in 2.4 allows to operate on a request before this is processed. This allows us to check if the user is logged when you access any site. Then we state our filter in the web.xml:


That Require the user log in page
Before Accessing Any Other Than the entry pages


ForcedLoginFilter 

 org.assembly.util.ForcedLoginFilter 
  
  
  
  ForcedLoginFilter  
  *. jsp  
  
 FORWARD REQUEST 
  
   
   
 And ForcedLoginFilter class is: package   
  org.assembly.util;  
 import java.io.IOException;  import java.util. Arrays; 
 import java.util.Iterator;


import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
 
 import javax.servlet.ServletRequest;
 
 import javax.servlet.ServletResponse;
 
 import javax.servlet.http.HttpServletRequest;
 
 import javax.servlet.http.HttpSession;
 
 
 
 public class ForcedLoginFilter implements Filter {
 
 	private static final String LOGIN_JSP = "login.jsp";
 
 
 
 	public ForcedLoginFilter() {
 
 	}
 
 
 
 	private static boolean checkLoginState(ServletRequest request,
 
 			ServletResponse  response) throws IOException, ServletException {
 
 		boolean isLoggedIn = false;
 
 		HttpSession session = ((HttpServletRequest) request).getSession(false);
 
 		UserBean managedUserBean = null;
 
 		// If there is a UserBean in the session, and it has
 
 		// the isLoggedIn property set to true.
 
 		if (null != session
 
 				&& (null != (managedUserBean = (UserBean) session
 
 						.getAttribute("UserBean")))) {
 
 			if (managedUserBean.isIsLoggedIn()) {
 
 				isLoggedIn = true;
 
 			}
 
 		}
 
  		return isLoggedIn;
 
 	}
 
 
 
 	public void doFilter(ServletRequest request, ServletResponse response,
 
 			FilterChain chain) throws IOException, ServletException {
 
 
 
 		boolean isLoggedIn = checkLoginState(request, response);
 
 
 
 		if (isRedirect((HttpServletRequest) request) && !isLoggedIn) {
 
 			String loginURI = LOGIN_JSP;
 
 
 
 			RequestDispatcher requestDispatcher = request
 
 					.getRequestDispatcher(loginURI);
 
 
 
 			// Force the login
 
 			requestDispatcher.forward(request, response);
 
  			return;
 
 		} else {
 
 			try {
 
 				chain.doFilter(request, response);
 
 			} catch (Throwable t) {
 
 				// A production quality implementation will
 
 				// deal with this exception.
 
 			}
 
 		}
 
 	}
 
 
 
 	private boolean isRedirect(HttpServletRequest request) {
 
 		String requestURI = request.getRequestURI();
 
 
 
 		return (!requestURI.contains(LOGIN_JSP));
 
 	}
 
 
 
 	@Override
 
 	public void destroy() {
 
 		// TODO Auto-generated method stub
 
 
 
 
 
} @ Override public void init 
 (FilterConfig arg0) throws ServletException {
 / / TODO Auto-generated method stub 
 
 
}} 
 
 
 
 
 
 Classes are filters must implement the Filter interface. In this case what the filter is to verify that the user exists in the session and if the url is redirecting it, because if login redirect to go to an infinite loop is formed. 
 
 Userbar object is responsible for representing a user. 
 
 
 
 org.assembly.util package; 
 Userbar 
 public class String {private

userName;



private String userPassword;



public UserBean(String userName, String userPassword) {

this.userName = userName;
 		this.userPassword = userPassword;
 
 	}
 
 
 
 	public boolean isIsLoggedIn() {
 
 		return true;
 
 	}
 
 
 
 	public String getUserName() {
 
 		return userName;
 
 	}
 
 
 
 	public void setUserName(String userName) {
 
 		this.userName = userName;
 
 	}
 
 
 
 	public String getUserPassword() {
 
 		return userPassword;
 
 	}
 
 
 
 public void setUserPassword (String userPassword) {
 this.userPassword = userPassword; 
}} 
 
 
 
 
 
 
 
 
 So now we create a login.jsp page that will be as follows 
 
 
 
 
 
 pageEncoding = " UTF-8 "%> 
 





 
 
 <%@ page language="java" contentType="text/html; charset=UTF-8"

 
 <%@ taglib prefix="f" uri="http://java.sun.com/jsf/core"%> 
 Base <%@ taglib prefix="h" uri="http://java.sun.com/jsf/html"%> Taxpayers 
  
 < html> 
 < head> 
 < meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 
 
 
   
 
  
 < /head> 
 < body background="black"> 
 
  
  
 
 
 
 action = "# {loginBean.validate}" /> 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
  
  
 And then we create the managed bean that will be like this: 
 < /body> 
 
 org.assembly.util.login package; < /html> 
 import javax.faces.context.FacesContext; 
 org.assembly.util.UserBean import; 
 public class


LoginBean {private String userName;

private String userPassword; 
 
 public String validate () {
 
 / / validate if the password and pass are correct. 
 / / if an error return null; 
 
 Userbar Userbar = new user (userName, userPassword); 
 
 FacesContext.getCurrentInstance (). GetExternalContext (). GetSessionMap () 
. Put ("Userbar", user); 
 
 return "index";} 
 
 
 getUserName public String () {return userName 
; 
} public void 
 
 setUserName (String userName) {
 this.userName = userName;} 
 
 
 getUserPassword public String () {
 return userPassword;} 
 
 public 
 setUserPassword void (String userPassword) {
 this.userPassword = userPassword; 
}} 
 
 
 
 
 
 
 Then we declare in the face-config.xml our bean and login url. 
 
 
 
 
 
 
 loginBean

org.assembly.util.login.LoginBean 


 
  
 request ...   
   
   login / login.jsp 
  
 
 
  
  This was a little example in jsf login.
Posted by admin at 6:54 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)