Question

I'm using container-based security in my JSF application (j_security) on GlassFish to authenticate users for secured pages. However, within the application, I have more restricted pages that require re-entering the password even when the user is logged in. Creating multiple constraints would not be helpful, as the session is already live.

How can this be accomplished?


Solution

You can use a servlet filter, say "SecondAuth", in which you check whether the user has already authenticated a second time by referring to a session flag; if not, you can redirect to the second authentication page. Remember to store the requested URL in a session variable. Once the user successfully authenticates again, you can redirect to the requested page.

You can protect multiple pages using web.xml configuration as below:

web.xml

<filter>
    <filter-name>secondauth</filter-name>
    <filter-class>com.auth.SecondAuth</filter-class>
</filter>
<filter-mapping>
    <filter-name>secondauth</filter-name>
    <url-pattern>/app/secure1.jsp</url-pattern>
    <url-pattern>/app/secure2.jsp</url-pattern>
</filter-mapping>

For how to use a servlet filter, you can refer to "How to use a servlet filter in Java to change an incoming servlet request url?"
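
One way to write the filter described in the answer above, as an added example that is not the answerer's code. The session attribute names, the `/app/reauth.jsp` path and the five-minute freshness window are assumptions; it uses `javax.servlet`, as on GlassFish versions before the `jakarta.servlet` rename.

```java
package com.auth;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: attribute names, re-auth page path and time window are assumptions.
public class SecondAuth implements Filter {
    static final String REAUTH_AT = "secondAuthAt";      // epoch millis, set by the re-auth handler
    static final String TARGET = "secondAuthTarget";     // page to return to after re-auth
    static final String REAUTH_PAGE = "/app/reauth.jsp"; // hypothetical; must not be filter-mapped
    static final long MAX_AGE_MS = 5 * 60 * 1000L;       // how long a second login stays valid

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Container login comes first; this filter only adds the second step.
        if (req.getUserPrincipal() == null) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        HttpSession session = req.getSession();
        Object at = session.getAttribute(REAUTH_AT);
        boolean fresh = at instanceof Long
                && System.currentTimeMillis() - (Long) at < MAX_AGE_MS;
        if (fresh) {
            // Keep restricted pages out of browser and proxy caches.
            res.setHeader("Cache-Control", "no-store");
            chain.doFilter(rq, rs);
            return;
        }
        // Remember the target server-side, built from the request itself,
        // so the post-login redirect cannot be steered by a request parameter.
        String target = req.getRequestURI();
        if ("GET".equals(req.getMethod()) && req.getQueryString() != null) {
            target += "?" + req.getQueryString();
        }
        session.setAttribute(TARGET, target);
        res.sendRedirect(req.getContextPath() + REAUTH_PAGE);
    }
}
```

The handler behind the re-authentication page is expected to verify the password, set `secondAuthAt` to the current time, then read and remove `secondAuthTarget` and redirect to it. Storing a timestamp rather than a plain boolean lets the second login expire before the session does.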

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow