Verifying additional parameter with j-security-check

Question

I have implemented web application login using j-security-check which accepts parameters j_username and j_password for authentication with background registry. Now, I need to add date of birth as one more parameter and need to authenticate the user with this parameter too.

Is there a way to extend j-security-check to accept additional parameters? I would like to avoid performing the check in a servlet filter, if possible.

Using WebSphere V8, MyFaces JSF 2.0, Servlet 3.0, Custom database based authentication

score 1 · Accepted Answer · answered Mar 08 '13 at 07:40

1

The easiest way would be to append the date of birth to the actual j_username (ie. with JavaScript and then manually split it in the login module.

answered Mar 08 '13 at 07:40

Struchu

76
2
8

This can be an option. I was thinking to keep this as one of the last options :) – ad-inf Mar 09 '13 at 14:51
I faced this problem some time ago and simply haven't found any other solutions ;-) – Struchu Mar 09 '13 at 22:38
I take this as a solution as I could not find any alternate option – ad-inf Apr 03 '13 at 06:22

score 1 · Answer 2 · edited May 23 '17 at 11:50

Replace j_security_check by programmatic login via HttpServletRequest#login().

E.g.

<h:form>
    <h:inputText value="#{bean.username}" />
    <h:inputSecret value="#{bean.password}" />
    <h:inputText value="#{bean.birthdate}" />
    <h:commandButton value="Login" action="#{bean.login}" />
</h:form>

with

public void login() {
    // Do your thing with birthdate here.

    // ...

    // Then perform programmatic login.
    try {
        request.login(username, password);
        // Login success. Redirect to landing page.
    } catch (ServletException e) {
        // Login fail. Return to login page.
    }
}

This is in detail outlined in 2nd part of this answer: Performing user authentication in Java EE / JSF using j_security_check

Verifying additional parameter with j-security-check

2 Answers2