Redirect after Realm authentication on Glassfish

Question

I'm currently running a JPA/EJB/JSF application on Glassfish and using the security JDBC realm for authentication. The realm works pretty well, fulfilling the requirements, until the customer asked for a small change on the navigation.

Today, if you try to access a protected page, the authentication mechanism will redirect you to a login page specified in the web.xml. Perfect! Once the authentication is successful, you are redirected back to the page you were trying to access. Fair enough. However, the customer decided that after every successful authentication, the user should be redirected to the home page instead, no matter which page he/she was trying to access before. The question is, how can we change the realm in order to be redirected to a fixed page after every successful authentication?

Answer 1

You can't. The container managed authentication doesn't allow that fine grained configuration (which is exactly why 3rd party authentication frameworks like Apache Shiro and Spring Security exist).

Your best bet is to replace the container managed login by a programmatic login. Change the <form action="j_security_check"> by a <h:form> which submits to a JSF action method like this

public void login() throws IOException {
    FacesContext context = FacesContext.getCurrentInstance();
    ExternalContext externalContext = context.getExternalContext();
    HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();

    try {
        request.login(username, password);
        externalContext.redirect(homepageURL);
    } catch (ServletException e) {
        context.addMessage(null, new FacesMessage("Unknown login"));
    }
}

See also:

• Performing user authentication in Java EE / JSF using j_security_check