In my web application, I have a checkout process where the user can decide whether he wants to login or not. The process is the same, but with the login the data in the checkout process gets prefilled.
shopping cart --> continue with/without login --> checkout
I know how to "secure" specific pages with the container managed login, but how to I implement an "optional login"? I searched the internet long time, but only found the conventional methods for login, unfortuneatly not what I need.
Is there a way by appending a querystring to the return value of a action method?
public String withLogin () {
return "checkout.xhtml?login=true";
}
public String noLogin() {
return "checkout.xhtml";
}
Any help and ideas are appreciated.
Solution:
Based on kolossus' answer I found my solution. The authenticate-Method was what I needed but didn't found.
So I implemented a WebFilter which does the authentication based on the url paramater login=true which I return from the ManagedBean as mentioned above.
@WebFilter("/order/checkout.xhtml")
public class LoginFilter implements Filter{
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
if(("true").equals(req.getParameter("login"))) {
req.authenticate((HttpServletResponse) response);
}
chain.doFilter(request, response);
}
// init and destroy Method
}
Although kolossus said that one should not display the "login option" in the URL (I partly agree) I used it this way anyway, because the user can decide if he wants to login or not on his own (by clicking a different button) and it's not a security issue.