Basic Authentication and PrimeFaces Methods
Explore how to implement form-based authentication in Jakarta EE web applications using PrimeFaces. Learn to configure authentication with security constraints, create login forms with standard naming requirements, and handle user validation through CDI beans and the security API. Understand the setup of protected resources and testing methods for secure login flows.
Overview
In the chapter “Window Shopping,” we always used the Basic authentication method. However, many other standardized authentication methods are more helpful than this one. With the Basic authentication method, the end user has to enter their credentials in a basic dialog. We want to present the user with a nice login form that can be styled to match the rest of the application. This can be achieved with the form-based authentication method. Other methods may be preferable depending on the application’s use case. These include OpenID Connect and authentication based on client certificates or tokens.
For the form-based method, Jakarta Security defines a standard URL, j_security_check, to which the login form submits the username and password under the standard field names j_username and j_password.
The server picks up these values and validates them against a realm, as we did in the lesson Standards Basic Method.
Using OAuth2 and OpenID Connect requires an entirely different approach, as we will see in the lessons OAuth2 and OpenID Connect. To get started, let’s look at the form-based authentication method for a web application.
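The form-based method described above, sketched as a deployment descriptor. This is an added example, not code from the lesson: the paths /protected/*, /login.html and /login-error.html, the role name user and the realm name ExampleRealm are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: WEB-INF/web.xml for form-based authentication.
     Paths, role name and realm name are assumptions for illustration. -->
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee
                             https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
         version="6.0">

  <!-- Everything under /protected/ requires an authenticated caller in role "user" -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected pages</web-resource-name>
      <url-pattern>/protected/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
    <!-- Protected pages are served only over TLS -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM replaces BASIC; both login pages must lie outside the protected pattern -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ExampleRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/login-error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>user</role-name>
  </security-role>

  <!-- Session cookie: not readable by script, sent only over HTTPS -->
  <session-config>
    <cookie-config>
      <http-only>true</http-only>
      <secure>true</secure>
    </cookie-config>
  </session-config>

  <!-- /login.html posts the standard field names to the standard URL:
       <form method="post" action="j_security_check">
         <input type="text" name="j_username" autocomplete="username"/>
         <input type="password" name="j_password" autocomplete="current-password"/>
         <button type="submit">Log in</button>
       </form> -->
</web-app>
```

The container intercepts the POST to j_security_check itself, so the application needs no servlet mapped to that URL. The CONFIDENTIAL constraint covers only the protected pattern, so the login page should also be reached over HTTPS.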
PrimeFaces-based form method
In this lesson’s example, we will use
We will define the protected ...