RichFaces - How to handle external Login mechanism like OpenID
Today I found a solution for a login problem I was faced with since a long time using RichFaces and Facelets in my JEE Web App.
The problem was that my Login Form uses an external login mechanism (OpenID) to log in the user.
After the first successful login the RichFaces page is not loaded correctly (styles and scripts are not loaded). If the user reloads the page after the first login everything works well.
I saw that some people are faced with this problem in similar situations. So I will try to explain my solution I found today.
My application has to areas - a unrestricted (/*) and a restricted (/secured/*) area. So when the user try to access a restricted (RichFaces) page (e.g. /secured/page-a.jsf) my loginForm - located in the unrestricted area (/login.jsf) appears. So the user can first perform a login. Typical for OpenID the login mechanims is handled by a Servlet. The Servlet knows the first Request to the restricted page. After successful login the Servlet will redirect the user again to that restricted page. But this (RichFaces)page now will not be rendered correctly because the request goes no longer through the RichFaces Servlet Filter. So CSS and Scrips will not be loaded!
I solved this situation as I changed the startup mechanism of my application. The first thing the user will see is the Loginpage itself! The LoginPage is located in an unrestricted area. Now after the user logged in successfull, the login form (servlet) will redirect the user to an restricted RichFaces Page. And in this case the restricted RichFaces Page will be rendered correctly as the full request goes now through the RichFaces Servlet Filter. This works as there is no cascading redirect through different servlets.
I know that this sounds a little bit confusing but it works for me. If you have found other solutions for that problem please let me know.
Posted at 08:37AM Dez 07, 2008
Posted by: Ralph
Category: General