0

I have an application based on JSF 2.2 with Primefaces, that uses j_security_check to authenticate users. The application is doing well, but we have a situation, where other applications can authenticate the same user. The problem is, that this others applications doesn't run at the same server, and they use a "Fake Single Sign On" based on a token generated by a service. Each application receive this token, validate it, and confirms the user login or not.

What I am expecting to do, is receive this token, by a HTTP request, validate it, and auto-login the user in my application that uses j_security_check.

Anybody knows if this is possible to do?

user2907041
  • 1
  • 2

1 Answers1

0

You can use HttpServletRequest#login() to perform programmatic login. You can do this anywhere you can get a hand to the HttpServletRequest, such as in a JSF backing bean, a servlet filter, or even a plain vanilla servlet.

request.login(username, password);

Note: this doesn't strictly "bypass" j_security_check. It is the programmatic variant of j_security_check.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555