
12.3. Authentication

PicketLink supports the following authentication schemes:
  • HTTP BASIC
  • HTTP DIGEST
  • HTTP X.509 or CLIENT-CERT
  • FORM
  • Token-Based
  • Write Your Own Method
To configure the authentication policy for a specific path, choose one of the available authentication schemes through the authenticateWith() method provided by the HttpSecurityBuilder.
httpBuilder
    .forPath("/rest/*")
        .authenticateWith()
            .basic();

Some authentication schemes provide additional options to configure a specific behavior. The next sections cover each of them in more detail.

12.3.1. Form Authentication

This authentication scheme allows you to authenticate your users using an HTML form element to capture the user's credentials. If you're already familiar with the Java EE FORM authentication method, you'll find this very similar.
To configure this authentication scheme for a specific path:
httpBuilder
    .forPath("/faces/*.xhtml")
        .authenticateWith()
            .form()
                .loginPage("/faces/login.xhtml")
                .errorPage("/faces/loginFailed.xhtml");

You will also need a login page with an HTML form like this one:
<form method="POST" action="j_security_check">
    <input type="text" name="j_username"/>
    <input type="password" name="j_password"/>
    <input type="submit" name="login" value="Login"/>
</form>
By default, once the user is authenticated, PicketLink always redirects the user to your application's context path. Sometimes, however, you may want to restore the original request, the one that started the authentication process. In this case, PicketLink redirects the user to the original request once authentication finishes. To enable this behavior:
httpBuilder
    .forPath("/faces/*.xhtml")
        .authenticateWith()
            .form()
                .loginPage("/faces/login.xhtml")
                .errorPage("/faces/loginFailed.xhtml")
                .restoreOriginalRequest();

Here, restoreOriginalRequest() enables this behavior.
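
The fragments above combined into one configuration class, with BASIC on the REST path and FORM on the page path. This is an added example, not code from the PicketLink documentation: it assumes the builder is obtained by observing SecurityConfigurationEvent in a CDI bean, and the class and method names are hypothetical.

```java
import javax.enterprise.event.Observes;

import org.picketlink.config.SecurityConfigurationBuilder;
import org.picketlink.event.SecurityConfigurationEvent;

// Hypothetical class name; any CDI bean observing the event will do.
public class HttpSecurityConfiguration {

    // Hypothetical method name; the @Observes parameter is what matters.
    public void configureHttpSecurity(@Observes SecurityConfigurationEvent event) {
        SecurityConfigurationBuilder builder = event.getBuilder();

        builder
            .http()
                // REST clients send credentials with each request: HTTP BASIC.
                .forPath("/rest/*")
                    .authenticateWith()
                        .basic()
                // Browser pages: FORM, with the login page posting
                // j_username and j_password to j_security_check.
                .forPath("/faces/*.xhtml")
                    .authenticateWith()
                        .form()
                            .loginPage("/faces/login.xhtml")
                            .errorPage("/faces/loginFailed.xhtml")
                            // After login, return to the page the user first
                            // requested instead of the context path.
                            .restoreOriginalRequest();
    }
}
```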