StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
2997254
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
7
CommunityOwnedDate
CreationDate
2010-06-08T12:32:51.607
FavoriteCount
0
LastActivityDate
2014-05-13T19:14:15.487
LastEditDate
2014-05-13T19:14:15.487
LastEditorUserId
361343
OwnerUserId
361343
ParentId
2206911
PostTypeId
2
Score
84
ViewCount
0
LastEditorDisplayName
text
Body
<p>After searching the Web and trying many different ways, here's what I'd suggest for Java EE 6 authentication:</p> <h2>Set up the security realm:</h2> <p>In my case, I had the users in the database. So I followed this blog post to create a JDBC Realm that could authenticate users based on username and MD5-hashed passwords in my database table:</p> <p><a href="http://blog.gamatam.com/2009/11/jdbc-realm-setup-with-glassfish-v3.html" rel="noreferrer">http://blog.gamatam.com/2009/11/jdbc-realm-setup-with-glassfish-v3.html</a></p> <p>Note: the post talks about a user and a group table in the database. I had a User class with a UserType enum attribute mapped via javax.persistence annotations to the database. I configured the realm with the same table for users and groups, using the userType column as the group column and it worked fine.</p> <h2>Use form authentication:</h2> <p>Still following the above blog post, configure your web.xml and sun-web.xml, but instead of using BASIC authentication, use FORM (actually, it doesn't matter which one you use, but I ended up using FORM). Use the standard HTML , not the JSF .</p> <p>Then use BalusC's tip above on lazy initializing the user information from the database. He suggested doing it in a managed bean getting the principal from the faces context. I used, instead, a stateful session bean to store session information for each user, so I injected the session context:</p> <pre><code> @Resource private SessionContext sessionContext; </code></pre> <p>With the principal, I can check the username and, using the EJB Entity Manager, get the User information from the database and store in my <code>SessionInformation</code> EJB.</p> <h2>Logout:</h2> <p>I also looked around for the best way to logout. The best one that I've found is using a Servlet:</p> <pre><code> @WebServlet(name = "LogoutServlet", urlPatterns = {"/logout"}) public class LogoutServlet extends HttpServlet { @Override protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession session = request.getSession(false); // Destroys the session for this user. if (session != null) session.invalidate(); // Redirects back to the initial page. response.sendRedirect(request.getContextPath()); } } </code></pre> <p>Although my answer is really late considering the date of the question, I hope this helps other people that end up here from Google, just like I did.</p> <p>Ciao,</p> <p>Vítor Souza</p>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POPerforming user authentication in Java EE / JSF using j_security_check
  singulars
  PostTypePostTypeId
  PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USVítor E. Silva Souza
UserOwnerUserId
1. USVítor E. Silva Souza
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POPerforming user authentication in Java EE / JSF using j_security_check
  singulars
  PostTypePostTypeId
  PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
  singulars
  PostPostId
  PO
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTUpMod
2. VO
  singulars
  PostPostId
  PO
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTUpMod
3. VO
  singulars
  PostPostId
  PO
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTAcceptedByOriginator
CommentsPostId
1. COA small word of advice: you're using request.getSession(false) and calling invalidate() on that. request.getSession(false) may return null if there's no session. Better check if it's null first ;)
  singulars
  PostPostId
  PO
  UserUserId
  USArjan Tijms
2. CO@Vitor: Hi..Would you like to say something about when it is good to move from container based security to alternatives like shiro or others? See more focussed question here:http://stackoverflow.com/questions/7782720/when-to-move-from-container-managed-security-to-alternatives-like-apache-shiro
  singulars
  PostPostId
  PO
  UserUserId
  USRajat Gupta

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.