I'm just starting down the track of developing web apps and have started with JSF 2.2 on Java EE 7, GlassFish 4.

I thought I'd start with the very basics. I just want to protect the entire site, so every page you navigate to would first require you to authenticate yourself. So I read through the Java EE 7 Tutorial and tried the samples, modified them and then started to break them in ways I didn't think they would break. I tried all sorts of angles, but I'd generally end up in two situations:

  1. I'd try to access a page using a partial request, which would land me at /index.xhtml as defined by <welcome-file-list>, and be prompted to log in; but on submitting the username/password I'd be instantly directed back to the login form.
  2. I added an action to the <h:commandButton> to point to index. This worked, but when I submitted the form on the index page which should take me to the response.xhtml page, I'd end up back at the login form instead of at the response page.

After many hours of trawling the net, it seemed that the reason I had broken the login procedure was because I had changed the plain HTML login form to use JSF tags like <h:form>, instead of <form>.

There is a discussion here that says you should not do this with login forms. To quote an interesting line from that page:

To make such a page login, make the actual login form be HTML and not JSF and code it according to the j2EE standards for login forms. Use the HTML form tag instead of the JSF form, and make sure you code an HTML SUBMIT button and not a JSF commandButton!

Once I changed it back to plain old HTML it worked. But I don't understand why. Can anyone enlighten me?! I think I am missing something fundamental which I need to understand if I'm going to start writing web apps in JSF.

Many thanks...


Solution

It's because <h:form> submits to the current URL (in web development terms also known as "postback"), not to j_security_check, while the form based authentication intercepts on j_security_check URLs.

It's however not true that using a JSF form for form based authentication is impossible. It's quite possible; you only need to perform the login in a backing bean using HttpServletRequest#login() yourself.

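The programmatic login the answer describes, as an added example that is not part of the original answer: a CDI backing bean whose login() action a JSF <h:commandButton> can call instead of posting to j_security_check. The bean name, field names, error text and the redirect to /index.xhtml are assumptions.

```java
import java.io.IOException;
import javax.enterprise.context.RequestScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

// Hypothetical bean (name and fields are assumptions), bound from a JSF form:
//   <h:inputText value="#{loginBean.username}"/>
//   <h:inputSecret value="#{loginBean.password}"/>
//   <h:commandButton value="Log in" action="#{loginBean.login}"/>
@Named
@RequestScoped
public class LoginBean {

    private String username;
    private String password;

    public void login() throws IOException {
        FacesContext context = FacesContext.getCurrentInstance();
        ExternalContext external = context.getExternalContext();
        HttpServletRequest request = (HttpServletRequest) external.getRequest();
        try {
            // Validates the credentials in the realm that the container's
            // configured login mechanism uses.
            request.login(username, password);
            // Issue a fresh session ID after login (Servlet 3.1) so an ID
            // planted before authentication cannot be reused.
            if (request.getSession(false) != null) {
                request.changeSessionId();
            }
            // Assumed landing page; redirect so the postback is not replayed.
            external.redirect(external.getRequestContextPath() + "/index.xhtml");
        } catch (ServletException e) {
            // Thrown when validation fails or the caller is already logged in.
            // Keep the message generic so it does not reveal which field was wrong.
            context.addMessage(null, new FacesMessage(
                    FacesMessage.SEVERITY_ERROR, "Invalid username or password", null));
        } finally {
            password = null; // do not keep the credential on the bean
        }
    }

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```

The login page itself has to stay reachable without authentication, otherwise the postback from the JSF form is intercepted before the bean runs.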

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow