FORM based auth not working with JSF/XHTML page
ionutvaidianu Jun 2, 2012 12:51 PMTHE PROBLEM: FORM based authentication is not working when the login form is submitted from a JSF/XHTML page, but it does when the form is submitted from a JSP page.
DESCRIPTION: The security realm and domain are configured with a "Database" login module, the security contraint is defined in the web.xml of the project / WAR and the authentication method is set to FORM in web.xml. The login and error pages are set also in web.xml.
We have two test cases:
A.: The login page is a JSP page (bellow) -> the authantication is working fine
<html><head><title>Login Page</title></head>
<body>
<font size='5' color='blue'>Please Login</font><hr>
<form action='j_security_check' method='post'>
<table>
<tr>
<td>Name:</td>
<td>
<input type='text' name='j_username'>
</td>
</tr>
<tr>
<td>Password:</td>
<td>
<input type='password' name='j_password' size='8'>
</td>
</tr>
</table>
<br>
<input type='submit' value='login'>
</form>
</body>
</html>
B.: The login page is a JSF page (bellow) -> the authentication is not working, the browser gets redirected to the login page after each attempt and in the log I get the message: "authentication failed test()a".
The template in the apge bellow is the template generated in a standard RichFaces project created with JB Tools in Eclipse. In any case, even with a XHTML page that does not have templates the behavior is the same.
<!DOCTYPE html>
<html lang="en">
<ui:composition template="/WEB-INF/templates/desktop.xhtml" xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:a4j="http://richfaces.org/a4j"
xmlns:rich="http://richfaces.org/rich" xmlns:my="http://java.sun.com/jsf/composite/components">
<ui:define name="content">
<h:messages />
<h:form id="loginForm" method="post" action="j_security_check">
<h:panelGrid id="panel" columns="2" border="0">
<f:facet name="header">
<h:outputText value="Login" />
</f:facet>
<h:outputLabel value="User" />
<input type="text" name="j_username" size="25" />
<h:outputLabel value="Password" />
<input type="password" size="15" name="j_password" />
<f:facet name="footer">
<h:panelGroup style="display:block; text-align:center">
<input type="submit" value="Log In" />
</h:panelGroup>
</f:facet>
</h:panelGrid>
</h:form>
</ui:define>
</ui:composition>
</html>
Is this a known limitation or some sort of bug?