When I use

@FormAuthenticationMechanismDefinition(
        loginToContinue = @LoginToContinue(
                loginPage = "/login.xhtml",
                useForwardToLogin = false))

then, after a successful login, the user gets redirected to the original page they requested.

But I would like some more control over the authentication form, so instead I am using:

@CustomFormAuthenticationMechanismDefinition(
        loginToContinue = @LoginToContinue(
                loginPage = "/login.xhtml",
                useForwardToLogin = false))

I was following this example: https://rieckpil.de/howto-simple-form-based-authentication-for-jsf-2-3-with-java-ee-8-security-api/

But the problem is that now, after successful login, the user is always redirected to index.xhtml instead of to the original page they requested.

Is there a way to achieve the same behavior with a CustomFormAuthenticationMechanismDefinition?

Kukeltje
Jimmy Praet
  • How would you do this with a plain (non-jsf/facelets) html page? And doing https://www.google.com/search?client=firefox-b-d&q=javaee-8+security+redirect+to+original+page gave me several hints... Tried them? – Kukeltje Jun 07 '20 at 09:10
  • Oh, and the code you use should, in a [mcve], be inline. Otherwise there is a chance that the remote source disappears and nobody knows what your code was. And there is a big difference between the code in the link you posted and what I read in the example in the Java EE security specs. If you post a [mcve], I'll write something in an answer that might be the answer or not (I don't have a PC at hand to test) – Kukeltje Jun 07 '20 at 12:48
  • There's not that much information out there about using the CustomFormAuthenticationMechanismDefinition from the new Java EE Security API JSR375. The google search query you posted above does not yield any useful results at first sight. Most results are about Spring Framework or about older versions of Java EE before there was the new API. I also don't see a big difference between the example I posted and the example in the spec: https://javaee.github.io/security-spec/spec/jsr375-spec.html#_custom_form_notes. I'll look into it, thanks anyway. – Jimmy Praet Jun 07 '20 at 21:37
  • Still please, please, please make a [mcve] in the question. Otherwise it will be voted to be closed – Kukeltje Jun 08 '20 at 07:02

1 Answer

I got it working by adding ajax="false" to my p:commandButton. The Java EE Security Framework was setting the redirect header correctly, but the PrimeFaces p:commandButton ignored it.

Jimmy Praet
  • Good catch... I missed this too... and for me it is worse to have missed this, since I ran into the same issue with a former home-grown AA framework. Still, a [mcve] in the question is very much appreciated. But what *IS* weird is that you were redirected to the index page... and the example you refer to has no `ajax=false`. Now I'm still a little confused. All the more reason for a [mcve] in the question with the error in it – Kukeltje Jun 08 '20 at 18:27
  • Oh right, there was another part to the problem. I had incorrectly set the `newAuthentication` flag of https://javaee.github.io/security-api/apidocs/javax/security/enterprise/authentication/mechanism/http/AuthenticationParameters.html to `true` as a workaround because I stayed on the login page after successful login. That explains the redirect to the index page as the `SEND_CONTINUE` isn't used in that case. Instead, `SUCCESS` was returned, and the sample code redirects to `index.xhtml`. I don't have time to provide a clean example but I hope this may help people running into the same issue. – Jimmy Praet Jun 08 '20 at 18:59
  • A [mcve] can (almost) be copy/pasted from the link you posted. Not making the time to create a [mcve] is not a good incentive (the opposite even) for us to try to help out. In addition it is against SO guidelines and the question may get closed for not containing a [mcve]. Please take 10-15 minutes and create one – Kukeltje Jun 08 '20 at 19:39
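
An added example, not code from the question or the linked tutorial: a JSF backing bean for the custom form flow that combines the two fixes described in the answer and its follow-up comment (a non-AJAX submit, and `newAuthentication` left at its default). The bean name `LoginBean`, its fields, the button markup and the failure message are assumptions.

```java
import java.io.IOException;
import javax.enterprise.context.RequestScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical backing bean for /login.xhtml. The submit button must be non-AJAX (assumed markup):
//   <p:commandButton value="Login" action="#{loginBean.login}" ajax="false"/>
@Named
@RequestScoped
public class LoginBean {
    @Inject private SecurityContext securityContext;
    private String username, password;

    public void login() throws IOException {
        FacesContext fc = FacesContext.getCurrentInstance();
        ExternalContext ec = fc.getExternalContext();
        // newAuthentication is NOT set to true: per the thread, setting it made the
        // call return SUCCESS instead of SEND_CONTINUE, so the original page was lost.
        switch (securityContext.authenticate(
                (HttpServletRequest) ec.getRequest(),
                (HttpServletResponse) ec.getResponse(),
                AuthenticationParameters.withParams().credential(new UsernamePasswordCredential(username, password)))) {
            case SEND_CONTINUE:
                // The container has set the redirect to the originally requested page; stop JSF rendering.
                fc.responseComplete();
                break;
            case SEND_FAILURE:
                fc.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "Login failed", null));
                break;
            case SUCCESS:
                // No container redirect was issued, so the application picks the landing page itself.
                ec.redirect(ec.getRequestContextPath() + "/index.xhtml");
                break;
        }
    }
    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```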