JAVA EE remember me

Question

Using JSF and j_security_check , how can I implement the remember me functionality? Now I can add remoteUser to the cookie and find User . From user I can extract login and password(hash) . When using req.login(user.getLogin(), user.getPassword()) I get a Security Exception , as I understand it because of j_security_check .

Sergey Sergey 5.364 one 6 15 · Answer 1 · 2016-05-31T15:28:05

Just need to develop its own authentication mechanism, which is implemented quite deeply in the depths of the application server, in the processing of http-request. The javaee standard does not cover this aspect. Learn the insides of a specific application server. And in addition, the authentication module is already by the standards (I do not remember the name).
This is if you want to use all the services of javaee: @RolesAllowed there ... so that the user and his roles in the EJB are recognized ...

If you can do without it, then you can find a solution on the filters. For example Apache Shiro. But there javaee does not work, there its own implementation of secrecy, which does not fit in with javaee.

It is possible to do authentication in a fashionable way, using a separate login server (and one for all or only for some applications).
Keycloak has a lot of features. Remember me is not even the main one. There is an implementation of the authentication mechanism for Wildfly servers, so standard annotations and EJBs work there. The main thing is to figure out how to drive your user base there. It is not very difficult.

Listen, you couldn’t throw off fine articles or materials on java ee.
Or leave some contacts where you can be contacted and you would drop the materials.
There is nothing on javaee except the standard manual, which is on the oracle website.
What is not there is a description of the structure of the finished files: war, ear, etc. descriptions of deployment descriptors.

JAVA EE remember me

1 answer 1

More articles: