mysql - Secure JSF Application (Login) with Glassfish -
I'm trying to secure a JSF application. It uses a JDBC MySQL connection, and the password is hashed with the SHA-256 function. j_security_check redirects me to the error.xhtml page.
username: admin password: admin
These are the MySQL database tables:
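-- Schema and seed data for the JDBC realm described on this page.
--
-- Statement order matters: `group` has a foreign key to `user`, so the child
-- table is dropped first and created last. The listing as posted created
-- `group` before `user` and dropped `user` while `group` still referenced it,
-- which only loads with foreign-key checks switched off.
--
-- NOTE(review): `group` is a reserved word in MySQL and has to be
-- backtick-quoted in every statement. Whether the realm quotes the table name
-- it is configured with is not visible here; verify that, or pick a
-- non-reserved table name.

drop table if exists `group`;
drop table if exists `user`;

create table `user` (
    `username`  varchar(45)  not null,
    -- Holds the hex SHA-256 digest of the password (64 characters).
    `password`  varchar(256) not null,
    `name`      varchar(45)  default null,
    `timestamp` datetime     default null,
    primary key (`username`)
) engine=innodb default charset=utf8;

-- NOTE(review): this seeds the account given on the page (admin / admin).
-- The stored value is a plain, unsalted SHA-256 digest, which gives little
-- protection against offline guessing if the table is ever disclosed. Treat
-- the row as a throwaway test account and replace the credential before the
-- database is reachable by anyone else.
insert into `user` (`username`, `password`, `name`, `timestamp`)
values (
    'admin',
    '8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918',
    'administrator',
    '2014-03-21 15:03:42'
);

create table `group` (
    `groupname` varchar(45) not null,
    -- NOTE(review): `useranme` looks like a misspelling of `username`. The
    -- realm fields listed on this page name no user column for the group
    -- table, so the realm presumably looks groups up by `username`; confirm,
    -- then either rename this column or configure the realm to match it.
    `useranme`  varchar(45) not null,
    primary key (`groupname`, `useranme`),
    key `user_group_fk_idx` (`useranme`),
    constraint `user_group_fk` foreign key (`useranme`)
        references `user` (`username`)
        on delete no action
        on update no action
) engine=innodb default charset=utf8;

-- Explicit column lists keep the inserts correct if columns are later
-- added or reordered.
insert into `group` (`groupname`, `useranme`)
values ('admin', 'admin');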
- I've created a new JDBC connection pool called userdb (ping succeeded)
resource type: javax.sql.connectionpooldatasource
- I've created a new JDBC resource called jdbc/user (JNDI name)
- I've created a new realm with these fields (realm name = "userdb"):
jndi = "jdbc/user"
usertable = "user"
usernamecolumn = "username"
passwordcolumn = "password"
grouptable = "group"
groupnamecolumn = "groupname"
digestalgorithm = "sha-256"
passwordencryptionalgorithm = "aes"
web.xml:
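<?xml version="1.0" encoding="utf-8"?>
<web-app version="3.1"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">

    <!-- Identifiers fixed by the XML, Servlet and JSF specifications are
         case-sensitive and are written in their specified case below
         (XMLSchema-instance, schemaLocation, PROJECT_STAGE, FacesServlet,
         FORM). Project-chosen names are kept exactly as posted. -->

    <!-- Development stage produces verbose diagnostics; switch to Production
         for any deployment that other people can reach. -->
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>

    <servlet>
        <servlet-name>faces servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>faces servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>

    <!-- Idle sessions expire after 30 minutes. -->
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>

    <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
    </welcome-file-list>

    <!-- Every URL requires the "admin" role. No user-data-constraint is
         declared, so nothing here requires TLS: the login form would send the
         password in clear text over plain HTTP. Add a transport guarantee of
         CONFIDENTIAL once an HTTPS listener is available. -->
    <security-constraint>
        <display-name>admin security</display-name>
        <web-resource-collection>
            <web-resource-name>admin</web-resource-name>
            <description/>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- Container-managed form login. realm-name must match the realm name
         configured on the server exactly, including letter case. -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>userdb</realm-name>
        <form-login-config>
            <form-login-page>/login.xhtml</form-login-page>
            <form-error-page>/error.xhtml</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <description/>
        <role-name>admin</role-name>
    </security-role>
</web-app>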
glassfish-web.xml:
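<?xml version="1.0" encoding="utf-8"?>
<!-- The DOCTYPE and PUBLIC keywords must be upper case for the document to be
     well-formed; they are restored here. -->
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
    <!-- Maps the application role "admin" (declared in web.xml) to the realm
         group "admin". group-name has to equal a value stored in the group
         table's group-name column for the authenticated user; if the realm
         cannot load the user's groups, login succeeds at the password step
         but authorization for the role still fails. -->
    <security-role-mapping>
        <role-name>admin</role-name>
        <group-name>admin</group-name>
    </security-role-mapping>

    <class-loader delegate="true"/>

    <jsp-config>
        <property name="keepgenerated" value="true">
            <description>keep copy of generated servlet class' java code.</description>
        </property>
    </jsp-config>
</glassfish-web-app>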
and login page:
<!-- Container-managed login form: the action j_security_check and the field
     names j_username / j_password are the ones the Servlet specification
     defines for form authentication. Serve this page over TLS only, since the
     password is posted as typed. -->
<form action="j_security_check" method="post">
    username:<input type="text" name="j_username"/><br/>
    password:<input type="password" name="j_password"/>
    <input type="submit" value="login"/>
</form>