some relevant code from web.xml:
    <security-constraint>
        <display-name>Web Security</display-name>
        <web-resource-collection>
            <web-resource-name>rich</web-resource-name>
            <url-pattern>/pages/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Users</role-name>
            <role-name>Administrators</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <display-name>Admin Web Security</display-name>
        <web-resource-collection>
            <web-resource-name>rich_admin</web-resource-name>
            <url-pattern>/adm/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Administrators</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>myrealmLdapAuthenticator</realm-name>
        <form-login-config>
            <form-login-page>/login.jsf</form-login-page>
            <form-error-page>/login.jsf</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>Users</role-name>
    </security-role>
    <security-role>
        <role-name>Administrators</role-name>
    </security-role>
the security-role role-names are defined in our LDAP server.
the most relevant line from LoginBean.java:
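    // needs java.net.URLEncoder; encoding keeps characters such as & or + in a password from breaking the query string
    // the credentials travel in the URL of this GET redirect, so they end up wherever request URLs are recorded
    FacesContext.getCurrentInstance().getExternalContext().redirect("/pages/j_security_check?j_username=" + URLEncoder.encode(username, "UTF-8") + "&j_password=" + URLEncoder.encode(password, "UTF-8"));
    WebAuthentication webA = new WebAuthentication();
    webA.login(username, password);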
this is done when backend authentication, plus anything you need to check/set before you welcome the user into the application, is complete. note that LoginBean.java is declared with request scope in faces-config.xml and the class itself has the annotation @org.ajax4jsf.model.KeepAlive
and some code from login.xhtml:
    <h:messages showDetail="false" showSummary="true" layout="list" styleClass="rich-messages-label" />
    <h:form id="checkPassword">
        <h:panelGrid columns="2">
            <h:outputLabel for="username" value="#{loginBean.getPropertyValue('label.username')}" />
            <h:inputText required="true" id="username" value="#{loginBean.username}" />
            <h:outputLabel for="password" value="#{loginBean.getPropertyValue('label.password')}" />
            <h:inputSecret required="true" id="password" value="#{loginBean.password}" />
        </h:panelGrid>
        <h:commandButton value="#{loginBean.getPropertyValue('label.login')}" action="#{loginBean.login}" disabled="#{loginBean.mustChangePassword}" reRender="checkPassword,authenticate" />
    </h:form>
    <h:form id="authenticate" rendered="#{loginBean.mustChangePassword}">
        <h:panelGrid columns="2">
            <h:outputLabel for="currentpassword" value="#{loginBean.getPropertyValue('label.passwordCurrent')}" />
            <h:inputSecret required="true" id="currentpassword" value="#{loginBean.password}" />
            <h:outputLabel for="newpassword" value="#{loginBean.getPropertyValue('label.passwordNew')}" />
            <h:inputSecret required="true" id="newpassword" value="#{loginBean.newPassword}" />
            <h:outputLabel for="confirmnewpassword" value="#{loginBean.getPropertyValue('label.passwordConfirmNew')}" />
            <h:inputSecret required="true" id="confirmnewpassword" value="#{loginBean.confirmNewPassword}" />
        </h:panelGrid>
        <h:commandButton value="#{loginBean.getPropertyValue('label.save')}" action="#{loginBean.authenticate}" />
    </h:form>