Войти через Facebook, JavaEE, j_security_check - PullRequest
/ 21 июня 2019

Войти через Facebook, JavaEE, j_security_check

Привет! Я пытаюсь сделать логин с помощью Facebook в моем приложении, и есть некоторая проблема... Обычно я использую j_security_check, и он отлично работает. У меня есть 3 актера: сотрудник, администратор, пользователь, чьи формы хранятся в защищенных каталогах: сотрудник, администратор, пользователь. У меня есть еще один каталог для хранения некоторых форм, который используется пользователем, вышедшим из системы. Логин, пароль и т. д. я храню в базе данных, конечно. https://i.snag.gy/ZM8Gek.jpg

backend -> JavaEE

frontend -> JSF

Итак... вопрос в том, как заставить мой j_security_check изменить j_username и j_password на правильные и изменить статус сеанса на «авторизован»? Обычно все хранится в моем конфиге glassfish, и я понятия не имею, как вручную изменить поля «j_username / j_password» в моих управляемых компонентах...

Кстати, может быть, это плохой способ решить эту проблему? Если у кого-нибудь есть какой-нибудь совет... пожалуйста, помогите мне, ребята :< Мой срок наступает...

Мой xhtml с j_security_check

<!-- Username/password fields for the container's FORM login. The enclosing
     form element is not shown in this fragment.
     NOTE(review): the container's login check reads request parameters named
     j_username and j_password; JSF may prefix a component's client id with
     its parent form's id, so confirm the rendered field names. -->
<h:inputText id="j_username" size="20" styleClass="input" p:placeholder="login" required="true"/>
<h:inputSecret id="j_password" size="20" styleClass="input" p:placeholder="password" required="true"/>
<input type="submit" value="login" />

web.xml

<!-- Container-managed FORM authentication against the realm named jdbc-realm.
     NOTE(review): the login page path below does not match any of the
     constrained url-patterns in this fragment (/_User/*, /_Admin/*,
     /_Employee/*), so no transport guarantee declared there applies to the
     page that collects the password. Confirm it is served over HTTPS. -->
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>jdbc-realm</realm-name>
    <form-login-config>
        <!-- Page shown when an unauthenticated caller requests a protected URL. -->
        <form-login-page>/faces/login_register/Login.xhtml</form-login-page>
        <!-- Page shown when the submitted credentials are rejected. -->
        <form-error-page>/faces/error/LoginErrors.xhtml</form-error-page>
    </form-login-config>
</login-config>

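<security-constraint>
    <!-- Restricts everything under /_User/ to callers in the USER role. -->
    <web-resource-collection>
        <web-resource-name>Restricted Access User</web-resource-name>
        <url-pattern>/_User/*</url-pattern>
        <!-- No http-method elements on purpose: listing only GET and POST
             leaves every other HTTP method on this pattern outside the
             constraint. With none listed, the constraint covers all methods. -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>USER</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- CONFIDENTIAL makes the container require an encrypted transport
             for these URLs, so the session cookie is not sent in cleartext;
             NONE permits plain HTTP. Needs an HTTPS listener on the server. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>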

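<security-constraint>
    <!-- Restricts everything under /_Admin/ to callers in the ADMIN role. -->
    <web-resource-collection>
        <web-resource-name>Restricted Access Admin</web-resource-name>
        <url-pattern>/_Admin/*</url-pattern>
        <!-- No http-method elements on purpose: listing only GET and POST
             leaves every other HTTP method on this pattern outside the
             constraint. With none listed, the constraint covers all methods. -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMIN</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- CONFIDENTIAL makes the container require an encrypted transport
             for these URLs, so the session cookie is not sent in cleartext;
             NONE permits plain HTTP. Needs an HTTPS listener on the server. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>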

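<security-constraint>
    <!-- Restricts everything under /_Employee/ to callers in the EMPLOYEE role. -->
    <web-resource-collection>
        <web-resource-name>Restricted Access Employee</web-resource-name>
        <url-pattern>/_Employee/*</url-pattern>
        <!-- No http-method elements on purpose: listing only GET and POST
             leaves every other HTTP method on this pattern outside the
             constraint. With none listed, the constraint covers all methods. -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>EMPLOYEE</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- CONFIDENTIAL makes the container require an encrypted transport
             for these URLs, so the session cookie is not sent in cleartext;
             NONE permits plain HTTP. Needs an HTTPS listener on the server. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>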


<!-- Declares the three role names that the auth-constraint elements in this
     descriptor refer to: USER, ADMIN and EMPLOYEE. How the realm maps users
     and groups onto these roles is not shown here. -->
<security-role>
    <description/>
    <role-name>USER</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>ADMIN</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>EMPLOYEE</role-name>
</security-role>

Мой JSP-файл с некоторым JavaScript для входа в систему с FB

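<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
</head>
<body>
    <!-- The Facebook SDK is injected once by the inline loader in the script
         below (element id "facebook-jssdk"). A second static tag for sdk.js
         here would fetch and run the SDK twice, because it carries no id
         for the loader's duplicate check to find. -->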
    <script>
        // This is called with the results from from FB.getLoginStatus().
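        function statusChangeCallback(response) {
            // Handles the result of FB.getLoginStatus() / FB.logout():
            // 'connected' continues to testAPI(); any other status shows the
            // login prompt in the #status element.
            console.log('statusChangeCallback');
            // Log only the status field: the full response object can carry
            // the session's access token, which should not end up in logs.
            console.log(response && response.status);
            if (response && response.status === 'connected') {
                // Logged into your app and Facebook.
                testAPI();
                return;
            }
            // 'not_authorized' (logged into Facebook, but not this app) and
            // every other state get the same prompt. It is plain text, so it
            // is written with textContent rather than innerHTML.
            document.getElementById('status').textContent = 'Login with Facebook ';
        }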
        // This function is called when someone finishes with the Login
        // Button. See the onlogin handler attached to it in the sample
        // code below.
        function checkLoginState() {
            // Re-queries the Facebook login state and hands the result to
            // statusChangeCallback().
            var onStatus = function (loginState) {
                statusChangeCallback(loginState);
            };
            FB.getLoginStatus(onStatus);
        }

        function facebookLogout() {
            // Logs the person out through the SDK, then lets
            // statusChangeCallback() update the page from the logout response.
            var onLoggedOut = function (logoutState) {
                statusChangeCallback(logoutState);
            };
            FB.logout(onLoggedOut);
        }

        window.fbAsyncInit = function () {
            // Initialises the Facebook SDK for this app, then checks whether
            // the visitor is already logged in.
            var sdkOptions = {
                appId: '2106519296320040',
                cookie: true, // enable cookies to allow the server to access the session
                xfbml: true,  // parse social plugins on this page
                // NOTE(review): v2.2 is an old Graph API version - confirm it
                // is still accepted before relying on this value.
                version: 'v2.2'
            };
            FB.init(sdkOptions);

            // FB.getLoginStatus() reports one of three states to the callback:
            //   1. 'connected'      - logged into this app and Facebook
            //   2. 'not_authorized' - logged into Facebook, but not this app
            //   3. anything else    - not logged into Facebook, app state unknown
            // statusChangeCallback() handles all three.
            FB.getLoginStatus(function (loginState) {
                statusChangeCallback(loginState);
            });
        };
        // Load the SDK asynchronously
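        (function (doc, tagName, sdkId) {
            // Injects the Facebook SDK script element once; the element id
            // is what the duplicate check looks for.
            if (doc.getElementById(sdkId)) return;
            var firstScript = doc.getElementsByTagName(tagName)[0];
            var sdk = doc.createElement(tagName);
            sdk.id = sdkId;
            // Explicit https: a protocol-relative URL would fetch the SDK over
            // plain HTTP whenever the page itself is served over HTTP.
            sdk.src = "https://connect.facebook.net/en_US/sdk.js";
            firstScript.parentNode.insertBefore(sdk, firstScript);
        }(document, 'script', 'facebook-jssdk'));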

        // Here we run a very simple test of the Graph API after login is
        // successful. See statusChangeCallback() for when this call is made.
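        function testAPI() {
            // Fetches the logged-in person's name and e-mail from the Graph API
            // and renders a welcome line with a link to fblogincontroller.jsp.
            console.log('Welcome! Fetching your information.... ');
            FB.api('/me?fields=name,email', function(response) {
                // The Graph API reports failures in response.error; without a
                // name there is nothing to render.
                if (!response || response.error || !response.name) {
                    console.log('Facebook profile request failed');
                    return;
                }
                console.log('Successful login for: ' + response.name);

                // NOTE(review): user_name and user_email travel in the query
                // string and can be edited by whoever follows the link.
                // fblogincontroller.jsp is not shown here; it should establish
                // identity by validating the Facebook access token on the
                // server, not by trusting these two parameters.
                // Every space becomes '_' and both values are URL-encoded so
                // they cannot break out of the query string.
                var target = 'fblogincontroller.jsp'
                    + '?user_name=' + encodeURIComponent(response.name.replace(/ /g, '_'))
                    + '&user_email=' + encodeURIComponent(response.email || '');

                // Build the nodes instead of concatenating into innerHTML:
                // the profile name is external data and must be inserted as
                // text, never parsed as markup.
                var link = document.createElement('a');
                link.href = target;
                link.textContent = 'Continue with facebook login';

                var line = document.createElement('p');
                line.appendChild(document.createTextNode('Welcome ' + response.name + '! '));
                line.appendChild(link);

                var statusBox = document.getElementById('status');
                statusBox.textContent = ''; // drop whatever was shown before
                statusBox.appendChild(line);
            });
        }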


        function fbLogout() {
            // Logs out through the SDK and reloads the page once the logout
            // call has completed.
            var afterLogout = function () {
                window.location.reload();
            };
            FB.logout(afterLogout);
        }
    </script>
    <!--
     Below we include the Login Button social plugin. This button uses
     the JavaScript SDK to present a graphical Login button that triggers
     the FB.login() function when clicked.
    -->
    <br><br>
    <!-- Requests the public_profile and email permissions; checkLoginState()
         runs when the login flow finishes. -->
    <fb:login-button scope="public_profile,email" onlogin="checkLoginState();">
    </fb:login-button>

    <!-- Output element that statusChangeCallback() and testAPI() write into. -->
    <div id="status">
    </div>
    <script type="text/javascript">
    </script>
</body>
</html>
...