I was able to do a SSO(Single sign on) on click of external link from the code below. SSO works but username/password is seen on url.
https://example.org/index.php?userLogin=user1&userPassword=pass123
<h:outputLink styleClass="ui-menuitem-link ui-corner-all"
value="https://example.org/index.php">
<h:outputText value="Ext Tool" />
<h:outputText styleClass="ui-icon ui-icon-suitcase"
style="float:left" rendered="#{userBean.in}" />
<f:param name="userLogin" value="#{userBean.user.eUser}" />
<f:param name="userPassword" value="#{userBean.user.ePass}" />
</h:outputLink>
I also used tried as below...
<h:commandLink action="#{userBean.eSubmit()}">
<h:outputText value="Ext Tool" />
<f:param name="userLogin" value="#{userBean.user.eUser}" />
<f:param name="userPassword" value="#{userBean.user.ePass}" />
</h:commandLink>
In the bean.. My coding is like this
public void eSubmit() throws IOException{
FacesContext fc = FacesContext.getCurrentInstance();
fc.getExternalContext().redirect("https://example.org/index.php?userLogin=" + user.getUser() + "&userPassword=" + user.getPass());
}
Even for the above code with commandLink - UserName and password are visible in the URL. Please guide me to hide password in the URL.
Am new to JSF so please help me understand...
A redirect instructs the client to create a new GET request on the specified URL. That's why you see it being reflected in browser's address bar.
As to performing a POST to an external site, you don't necessarily need JSF here. You're not interested in updating JSF model nor invoking a JSF action. Just use a plain HTML POST form.
<form method="post" action="https://example.org/index.php">
<input type="hidden" name="userLogin" value="#{userBean.user.eUser}" />
<input type="hidden" name="userPassword" value="#{userBean.user.ePass}" />
<input type="submit" value="Ext Tool" />
</form>
If necessary, throw in some CSS to make the submit button look like a link, or some JS to let a link submit that form.
Related
I have a "custom" (JSF) login page for my application. My company uses Siteminder for authentication. So, in order to login to Siteminder with a "custom" page, I have to have a form that posts to /login.fcc with the appropriate form fields (username/password and a couple of Siteminder specific hidden fields).
What I am trying to do is to continue to leverage the form validations and such of JSF and still post to login.fcc.
Here is a stripped down version of my custom form:
<rich:messages />
<h:form id="adminLogin" prependId="false">
<h:panelGrid columns="2" styleClass="center">
<h:outputLabel value="HUB USERNAME:" />
<h:inputText id="USER" label="Username" size="12" required="true" />
<h:outputLabel value="HUB PASSWORD:" />
<h:inputSecret id="PASSWORD" label="Password" size="12" required="true" />
<input type="hidden" name="target" value="#{loginController.smTarget}" />
<input type="hidden" name="smagentname" value="#{loginController.smAgentName}" />
</h:panelGrid>
<h:panelGroup layout="block" styleClass="max-width button-panel">
<a4j:commandButton id="adminLoginBtn" value="LOGIN"
styleClass="login-btn"
action="#{loginController.managerLogin}" />
</h:panelGroup>
</h:form>
Note that I have used standard hidden inputs for the target and smagentname fields. This is because I have no need to have both setters and getters in my controller for these fields. I simply want the controller to provide the values when the page renders.
My controller method looks like this:
public void managerLogin()
{
LoginController.LOG.debug("manager is logging in...");
LoginController.LOG.debug("user: " + getRequestParameterValue("USER"));
LoginController.LOG.debug("smagent: " + getRequestParameterValue("smagentname"));
LoginController.LOG.debug("target: " + getRequestParameterValue("target"));
forwardTo(LoginController.SM_LOGIN_FCC);
}
You can see that I am logging the values from all fields except the password field and they all print correctly in my log...so I know I am getting the values. My "forwardTo()" method simply gets the ExternalContext and calls dispatch() on it...passing in the path to the login.fcc page (which is "/forms/login.fcc").
When I input values in the form and click the login button, I see my values in the console but I get a 404 message in my browser.
I can manually put the "/forms/login.fcc" page in the address line and I have no problems with the GET rendering the login.fcc page. But I, of course, don't want to render the login.fcc (GET) I want to peform the Siteminder login (via POST).
It is my understanding that all request parameters are made available through a forward process I was expecting this to work.
I can take this same form and un-JSF-ize it...and make the login button simply submit the form (whose action would be the /forms/login.fcc via POST and it works fine too, but then I loose the benefits of the form/field validations that JSF provides.
Any ideas?
Use the following process:
Follow the SiteMinder redirect
Send your credentials (username/password)
Follow the SiteMinder redirect again
Send the SiteMinder cookies
Here is an article which explains the process in detail:
How to Connect to a SiteMinder Protected Resource
How do I create a simple redirect with jsf?
I tried:
<h:form>
<h:commandButton action="www.google.de" value="go to google" />
</h:form>
But when I click the button, I just stay on the index page. Nothing happens!
What is wrong here?
Is JSF absolutely necessary here? You don't seem to need to submit anything to your side at all. Just use plain HTML.
<form action="http://www.google.de">
<input type="submit" value="Go to Google" />
</form>
Please note that the URL to the external site must include the scheme (the http:// part), otherwise it would just be submitted relative to the current request URI, such as http://example.com/context/www.google.de.
If you really need to submit to your side, e.g. to preprocess and/or log something, then you could use ExternalContext#redirect() in the action method.
<h:form>
<h:commandButton value="Go to Google" action="#{bean.submit}" />
</h:form>
with
public void submit() throws IOException {
// ...
FacesContext.getCurrentInstance().getExternalContext().redirect("http://www.google.de");
}
You can use:
<h:commandButton value="Go to Google" type="button" onclick="window.location.href = 'http://www.google.de';" />
No need for a form.
I want to create command button in JSF page. When I press it I want to open a new page and send a value using using the http. I tested this h:commnadButton but it's not working.
<h:commandButton id="lnkHidden" value=" Edit User " action="EditAccountProfile.jsf">
<f:param name="id" value="#{item.userid}" />
</h:commandButton>
h:commandButton is for submitting forms, usually executing actions in the server.
Use h:button for simple navigation:
<h:button id="lnkHidden" value=" Edit User " outcome="EditAccountProfile.jsf">
<f:param name="id" value="#{item.userid}" />
</h:button>
This will generate a normal HTML <input type="button" onclick="window.location.href=/correct/path/to/EditAccountProfile.jsf" />, no HTTP POST needed.
See also:
When should I use h:outputLink instead of h:commandLink?
I have developed a simple login form to be used in my JSF + PrimeFaces page:
<form action="j_security_check" method="post">
<p:dialog modal="true" header="Login" widgetVar="loginDlg">
<h:panelGrid columns="3" cellpadding="5">
<h:outputLabel for="j_username">Username:</h:outputLabel>
<h:inputText id="j_username" required="true" />
<h:message for="j_username" />
<h:outputLabel for="j_password">Password:</h:outputLabel>
<h:inputSecret id="j_password" required="true" />
<h:message for="j_password" />
<br />
<h:commandButton value="Login" />
</h:panelGrid>
</p:dialog>
</form>
Tried with an empty password, but the missing password (that is required) is not caught by h:message component. I have also switched to a p:commandButton thinking that the problem could have been in the Ajax behaviour of the button, but the page is not rendered because PrimeFaces complains about the CommandButton not being inside a form element. The exception thrown by the container is:
com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Access denied on empty password for user pippo
To summarize, I have 2 questions:
Why the missing password doesn't produce a message before the form is submitted?
How can I catch a LoginException and display the error message inside the dialog?
The j_security_check request is handled by the web container, not by JSF. That explains that the required="true" won't work. It works only when you use JSF <h:form> and programmatic login by HttpServletRequest#login() in the action method associated with the command button.
Best what you can do is to confiure a <form-error-page> in web.xml pointing to the very same URL as the <form-login-page>. You could then check if the request has been forwarded by j_security_check itself, which would mean that a login error has occurred.
<h:panelGroup rendered="#{requestScope['javax.servlet.forward.servlet_path'] == '/j_security_check'}">
<h:outputText value="Unknown login, please try again" styleClass="error" />
</h:panelGroup>
Use this instead of the <h:message>.
As to why <p:commandButton> complains that there's no form is simply because you didn't use <h:form>.
Unrelated to the concrete problem, that <form> (or <h:form> whenever you would decide to switch to programmatic login) can better be placed in the body of <p:dialog>, not outside. The <p:dialog> can by JS be relocated to end of body which would cause it not to be in a form anymore.
I want some code in facelet (jsf 2.0) to work:
<h:inputText id="q" />
<h:button outcome="/search.xhtml?q=#{q.value}" />
but when I press the button, search page opens without any parameters.
I think, my EL expression is wrong. Is it possible to access inputText value from EL expression? If not, how can I achieve the same functionality?
I've finished with using plain html form:
<form action="faces/search.xhtml" method="get">
<input type="text" name="query" />
<input type="submit" value="Find" />
</form>
In search.xhtml I have view param to get a value of query string:
<f:metadata>
<f:viewParam name="query" />
</f:metadata>
This solution has the problem - "faces/search.xhtml" is hardcoded. Also, when I place this form in search.xhtml and perform several searches I have something like this in browser url:
"http://localhost:8080/Application/faces/faces/faces/search.xhtml"
I think this problem can be solved with PrettyFaces (TODO :)
this is a late answer but I guess many people finding this post will have the same doubt whether EL can access html component and how it can:
Yes, EL can access JSF component which are implicit JSF object.
However, up to now I have only seen and used the example of component.valid:
<h:inputText id="streetNumber" value="#{property.streetNumber}" title="streetNumber" required="true" requiredMessage="Please enter the street number!" validatorMessage="Please enter a street number between 1 and 1000" converterMessage="Please enter a number" pt:placeholder="900">
<f:convertNumber integerOnly="true"/>
<f:validateLongRange minimum="1" maximum="1000" />
</h:inputText>
<h:message for="streetNumber" class="#{!streetNumber.valid ? 'label label-warning' : 'none'}" />
So, I suggest you(Dmitry) change the code to
<h:button outcome="#{"/search.xhtml?q=" + q.value}" />
Please let me know whether it works because I am also curious and anyone who faces the similar problem can follow my example and please let me know the result.