Tadas B.

Reputation: 176

Redirect user based on his Role in Jakarta EE web app

I have a Jakarta EE 10 web application with CustomFormAuthenticationMechanismDefinition. My web.xml setting:

<welcome-file-list>
    <welcome-file>app/index.xhtml</welcome-file>
</welcome-file-list>

I have security-constraint settings for these paths, with the required auth-constraint for access:

/app/* is an application users area
/client/* is client path

For the login action I have this code:

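// Fields of the backing bean are not shown in the post; from the calls used,
// fc is presumably a FacesContext, context an ExternalContext and
// securityContext a jakarta.security.enterprise.SecurityContext.
public void execute() throws IOException {
    switch (processAuthentication()) {
        case SEND_CONTINUE:
            // Authentication is still in progress: stop Faces from rendering a response.
            fc.responseComplete();
            break;
        case SEND_FAILURE:
            fc.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "Invalid Credentials", null));
            break;
        case SUCCESS:
            // Pick the landing page from the authenticated caller's role.
            if (isClientRole()) {
                context.redirect(context.getRequestContextPath() + "/client/nets.xhtml");
            } else {
                context.redirect(context.getRequestContextPath() + "/app/index.xhtml");
            }
            break;
    }
}

// Hands the submitted username and password to the configured authentication mechanism.
private AuthenticationStatus processAuthentication() {
    return securityContext.authenticate((HttpServletRequest) context.getRequest(),
            (HttpServletResponse) context.getResponse(),
            AuthenticationParameters.withParams()
                    .credential(new UsernamePasswordCredential(username, password)));
}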

The SUCCESS part works as expected, but the behavior of the SEND_CONTINUE part is still unknown, as described in this question, and I can't find how to control it.

So the question is: what is the right way to redirect a user based on his role in Java EE/Jakarta EE Security?

Upvotes: 0

Views: 85

Answers (0)
