stackoom
  简体   繁体   中英

JSF JDBC realm form based authentication search by username and email address

 原文  2016-10-07 09:57:55       java/ security/ jsf/ jakarta-ee/ glassfish

Question

I am using Glassfish JDBC realm for the authentication of users, so authentication process is managed by its container. I need to use userid/email address as a username. Both userid and email address has different column in postgres user table and i am using JPA. In short user can be logged in by its userid or email.

I have written programatically login and logout methods. login has only two arguments

request.login(username, password);

After searching on google i have a doubt that i have to use somehow user provider which i don't know.

在此处输入图片说明

in Below figure i can just enter USERID by i would like to have EMAIL column as well. 在此处输入图片说明

any suggestions/hint/idea would be appreciable.

1 answers

solution1
 2 ACCPTED  2016-10-10 09:07:41

There are serveral approaches you can take:

  1. If you aren't interested in the username but just the fact that the user authenticated correctly, you can use a database view unioning userid and email into one column:

    CREATE VIEW vUsers AS
    SELECT userid, password from Users where userid IS NOT NULL
    UNION ALL
    SELECT email, password from Users where email IS NOT NULL

    (note this syntax is not expected to work)
    You now can redirect the JDBC configuration to that view.

    This is probably not the way you wan't to go. In most cases, after authentication some decisions are made based on the login name. This can now be either email or userid. An Unique login name for the same person is better.

  2. Process the username before login via HttpServletRequest#login :
    Because userid and email usually are of different formats, you can decide, which one the user provided at the login form.

    • If it is a userid, you can use the HttpServletRequest#login method directly.
    • If it is an email you can lookup the userid for the email and then use HttpServletRequest#login .

    This way. you can not use glassfish form login anymore, but you always end up with the userid as login name.

    See https://docs.oracle.com/cd/E19798-01/821-1841/gircj/index.html

  3. Write your own login module:
    You could write your own JAAS Login Module. There are several tutorials out there. Nevertheless, this would basically boil down to distinguish between email and userid, so method 2 should suffice.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question JDBC Realm Form Authentication Glassfish 3 security - Form based authentication using a JDBC Realm Form based authentication in JSF Authentication with JDBC Realm Tomcat 7 realm configuration for form based authentication JDBC Realm authentication bug Glassfish 4 How to get username after login with FORM based authentication firebase authentication with email and username and password Search for contact based on email address using People API Using JDBC to implement username and password authentication
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM