1

I have read there; I am using GlassFish 3.1.1 with a security realm configured with the SHA-256 digest algorithm. Is there any tutorial about this? Maybe I am blethering; I am trying to log in with this code:

public void login() throws NoSuchAlgorithmException {
    FacesContext context = FacesContext.getCurrentInstance();
    HttpServletRequest request = (HttpServletRequest)context.getExternalContext().getRequest();

    EntityManager em = emf.createEntityManager();
    boolean committed = false;
    try {
        FacesMessage msg = null;
        EntityTransaction entr = em.getTransaction();
        entr.begin();
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(password.getBytes());
            byte byteData[] = md.digest();
            StringBuffer sb = new StringBuffer();
            for (int i = 0; i < byteData.length; i++) {
                sb.append(Integer.toString((byteData[i] & 0xff) + 0x100, 16).substring(1));
            }
            password = sb.toString();
            Query query = em.createQuery("SELECT COUNT(u) FROM EntityUser u WHERE u.userName = :userName AND u.password = :password")
                    .setParameter("userName", userName).setParameter("password", password);
            long result = (long)query.getSingleResult();
            if (result == 1) {
                request.login(userName, password);
                msg = new FacesMessage();
                msg.setSeverity(FacesMessage.SEVERITY_INFO);
                msg.setSummary("You are logged in");
            }
            entr.commit();
            committed = true;
        } catch (ServletException e) {
            context.addMessage(null, new FacesMessage("wrong username or password"));
        }
        finally {
            if (!committed) entr.rollback();
        }
    } finally {
        em.close();
    }
}

The result variable returns 1, but the request.login(userName, password); call in the if condition always throws ServletException.

Deniz

3 Answers

1

Can you post the exception stacktrace? That way it would be easier to understand the source of the exception. But judging from your currently supplied code, you should supply in

request.login(userName, password);

the password as the plain-text password and not the hashed password.

Interface HttpServletRequest
ServletException - if the configured login mechanism does not support username password authentication, or if a non-null caller identity had already been established (prior to the call to login), or if validation of the provided username and password fails.
Fritz
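Added example, not part of the original question or answers: a stand-alone Java program showing why the manual query returns 1 while request.login fails when it is handed the already-hashed value. It assumes the realm hashes the submitted password with SHA-256 and compares hex digests; `RealmDigestDemo`, `sha256Hex` and `realmAccepts` are hypothetical names and the password is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class RealmDigestDemo {

    // Hex-encoded SHA-256, the same transformation the question's login() applies.
    static String sha256Hex(String input) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest(input.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Hypothetical stand-in for the realm's check (assumption): digest whatever
    // the caller submits and compare it with the stored column value.
    static boolean realmAccepts(String storedHex, String submitted) throws NoSuchAlgorithmException {
        byte[] expected = storedHex.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = sha256Hex(submitted).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String plain = "s3cret-example";   // constructed sample password
        String stored = sha256Hex(plain);  // what the user table would hold

        // The question's own JPQL check compares hash to hash, so it finds the row.
        System.out.println("manual query matches:       " + stored.equals(sha256Hex(plain)));

        // Passing the already-hashed value makes the realm hash it a second time.
        System.out.println("login(user, hashed) passes: " + realmAccepts(stored, sha256Hex(plain)));

        // Passing the plain-text password lets the realm do the single hash itself.
        System.out.println("login(user, plain) passes:  " + realmAccepts(stored, plain));
    }
}
```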
0

There can be a lot of reasons that login fails. You've just checked whether the appropriate user and password are in the table. GlassFish makes two queries, in the authentication process, to two tables: one to the table specified as userTable, and a second to groupTable, both of which are determined in the security realm definition. Check that web.xml and glassfish-web.xml are correct too.

Zbyszek
I can already log in with GlassFish form authentication. I want to log in programmatically. – Deniz May 07 '12 at 18:44
0

The problem in question is entirely about the method

request.login(userName, password);

The author did everything right, even his own way of authenticating against the users database, but request.login needs an authentication realm to be set up for this method to use. And you have your own, so you don't need separate request.login authentication. In case you need it, this is how you do it: jdbc-realm-setup-with-glassfish-v3

So, after you get result = 1, you set context.getExternalContext().getSessionMap().put("user", u); and send a redirect: context.getExternalContext().redirect(context.getExternalContext().getRequestContextPath() + "какой-то модуль.xhtml");

and use a WebFilter to block access to /Pages/*.xhtml without logging in.

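import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Blocks access to everything under /Pages/ unless a "user" object is in the session.
@WebFilter("/Pages/*")
public class LoggingFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // "user" is the session attribute stored after a successful login
        User user = (User) req.getSession().getAttribute("user");
        if (user != null) {
            chain.doFilter(request, response);
        } else {
            // Not logged in: redirect to the credentials page
            res.sendRedirect(req.getContextPath() + "/запрос_учетных_данных.xhtml");
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }
}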
rustem.russia