Verifying additional parameter with j-security-check

Question

I have implemented web application login using j-security-check which accepts parameters j_username and j_password for authentication with background registry. Now, I need to add date of birth as one more parameter and need to authenticate the user with this parameter too.

Is there a way to extend j-security-check to accept additional parameters? I would like to avoid performing the check in a servlet filter, if possible.

Using WebSphere V8, MyFaces JSF 2.0, Servlet 3.0, Custom database based authentication

Answer 1

The easiest way would be to append the date of birth to the actual j_username (ie. with JavaScript and then manually split it in the login module.

Answer 2

Replace j_security_check by programmatic login via HttpServletRequest#login().

E.g.

<h:form>
    <h:inputText value="#{bean.username}" />
    <h:inputSecret value="#{bean.password}" />
    <h:inputText value="#{bean.birthdate}" />
    <h:commandButton value="Login" action="#{bean.login}" />
</h:form>

with

public void login() {
    // Do your thing with birthdate here.

    // ...

    // Then perform programmatic login.
    try {
        request.login(username, password);
        // Login success. Redirect to landing page.
    } catch (ServletException e) {
        // Login fail. Return to login page.
    }
}

This is in detail outlined in 2nd part of this answer: Performing user authentication in Java EE / JSF using j_security_check