Added JAAS authentication

Tuomas Riihimäki
Commit 925fef77 authored Apr 17, 2010 by Tuomas Riihimäki
Showing with 460 additions and 28 deletions
code/LanBortalAuthModule.jar
code/LanBortalAuthModule/.classpath
code/LanBortalAuthModule/.project
code/LanBortalAuthModule/.settings/org.eclipse.jdt.core.prefs
code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalLoginModule.java
code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalRealm.java
code/LanBortalBeans/ejbModule/META-INF/sun-ejb-jar.xml
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/GenericFacade.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
code/LanBortalBeansClient/UserBeanLocal.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/RoleBeanLocal.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanLocal.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanRemote.java
code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/PasswordFunctions.java
code/LanBortalWeb/WebContent/WEB-INF/sun-web.xml
code/LanBortalWeb/WebContent/WEB-INF/web.xml
code/LanBortalWeb/WebContent/auth/login.xhtml
code/LanBortalWeb/WebContent/auth/logout.xhtml
code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
--- a/code/LanBortalAuthModule.jar
+++ b/code/LanBortalAuthModule.jar
--- a/code/LanBortalAuthModule/.classpath
+++ b/code/LanBortalAuthModule/.classpath
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src"/>
+	<classpathentry combineaccessrules="false" exported="true" kind="src" path="/LanBortalBeansClient"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/com.sun.enterprise.jst.server.runtimeTarget/GlassFish v3 Java EE 6"/>
+	<classpathentry kind="output" path="bin"/>
+</classpath>
--- a/code/LanBortalAuthModule/.project
+++ b/code/LanBortalAuthModule/.project
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>LanBortalAuthModule</name>
+	<comment></comment>
+	<projects>
+		<project>LanBortalBeansClient</project>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>
--- a/code/LanBortalAuthModule/.settings/org.eclipse.jdt.core.prefs
+++ b/code/LanBortalAuthModule/.settings/org.eclipse.jdt.core.prefs
+#Sat Apr 17 01:39:34 EEST 2010
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.debug.lineNumber=generate
+org.eclipse.jdt.core.compiler.debug.localVariable=generate
+org.eclipse.jdt.core.compiler.debug.sourceFile=generate
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.6
--- a/code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalLoginModule.java
+++ b/code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalLoginModule.java
+/*
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ * 
+ * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ * 
+ * The contents of this file are subject to the terms of either the GNU
+ * General Public License Version 2 only ("GPL") or the Common Development
+ * and Distribution License("CDDL") (collectively, the "License").  You
+ * may not use this file except in compliance with the License. You can obtain
+ * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ * or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ * language governing permissions and limitations under the License.
+ * 
+ * When distributing the software, include this License Header Notice in each
+ * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ * Sun designates this particular file as subject to the "Classpath" exception
+ * as provided by Sun in the GPL Version 2 section of the License file that
+ * accompanied this code.  If applicable, add the following below the License
+ * Header, with the fields enclosed by brackets [] replaced by your own
+ * identifying information: "Portions Copyrighted [year]
+ * [name of copyright owner]"
+ * 
+ * Contributor(s):
+ * 
+ * If you wish your version of this file to be governed by only the CDDL or
+ * only the GPL Version 2, indicate your decision by adding "[Contributor]
+ * elects to include this software in this distribution under the [CDDL or GPL
+ * Version 2] license."  If you don't indicate a single choice of license, a
+ * recipient has the option to distribute your version of this file under
+ * either the CDDL, the GPL Version 2 or to extend the choice of license to
+ * its licensees as provided above.  However, if you add GPL Version 2 code
+ * and therefore, elected the GPL Version 2 license, then the option applies
+ * only if the new code is made subject to such option by the copyright
+ * holder.
+ */
+package fi.insomnia.bortal;
+import java.util.Enumeration;
+import javax.security.auth.login.LoginException;
+import com.sun.appserv.security.AppservPasswordLoginModule;
+import com.sun.enterprise.security.auth.realm.InvalidOperationException;
+import com.sun.enterprise.security.auth.realm.NoSuchUserException;
+import fi.insomnia.bortal.beans.SessionHandlerBeanRemote;
+/**
+ * 
+ * @author nithyasubramanian SampleLoginModule - extends
+ *         AppservPasswordLoginModule Sample class to be referenced by the
+ *         SampleRealm class . Overrides the authenticateUser() method that
+ *         authenticates the user using user-password information and calls
+ *         commitUserAuthentication
+ */
+public class BortalLoginModule extends AppservPasswordLoginModule {
+//	private static final org.slf4j.Logger logger = LoggerFactory.getLogger(BortalLoginModule.class);
+	/**
+	 * Overrides the authenticateUser() method in AppservPasswordLoginModule
+	 * Performs authentication of user
+	 * 
+	 * @throws javax.security.auth.login.LoginException
+	 */
+	protected void authenticateUser() throws LoginException {
+		log((new StringBuilder()).append("CustomRealm Auth Info:_username:")
+				.append(_username).append(";_password:").append(_password)
+					.append(";_currentrealm:").append(_currentRealm).toString());
+		// Check if the given realm is SampleRealm
+		if (!(_currentRealm instanceof BortalRealm)) {
+			throw new LoginException("Realm not SampleRealm");
+		}
+		SessionHandlerBeanRemote authbean = BortalRealm.getAuthBean();
+		if (authbean == null) {
+			throw new LoginException("Error. Could not get authentication bean!");
+		}
+		// Authenticate User
+		BortalRealm samplerealm = (BortalRealm) _currentRealm;
+		if (!authbean.authenticate(_username, _password)) {
+			// Login fails
+			throw new LoginException((new StringBuilder())
+					.append("customrealm:Login Failed for user  ")
+						.append(_username).toString());
+		}
+		// Login succeeds
+		log((new StringBuilder()).append("SimpleRealm:login succeeded for  ")
+				.append(_username).toString());
+		// Get group names for the authenticated user from the Realm class
+		Enumeration<String> enumeration = null;
+		String authenticatedGroups[] = new String[2];
+		try {
+			enumeration = samplerealm.getGroupNames(_username);
+		} catch (InvalidOperationException invalidoperationexception) {
+			throw new LoginException((new StringBuilder())
+					.append("An InvalidOperationException was thrown " +
+							"   while calling getGroupNames() on the SampleRealm ")
+						.append(invalidoperationexception).toString());
+		} catch (NoSuchUserException nosuchuserexception) {
+			throw new LoginException((new StringBuilder())
+					.append("A NoSuchUserException was thrown " +
+							"   while calling getGroupNames() on the SampleRealm ")
+						.append(nosuchuserexception).toString());
+		}
+		for (int i = 0; enumeration != null && enumeration.hasMoreElements(); i++)
+			authenticatedGroups[i] = (String) enumeration.nextElement();
+		// Call commitUserAuthentication with the groupNames the user belongs to
+		commitUserAuthentication(authenticatedGroups);
+	}
+	private void log(String s) {
+		 System.out.println((new StringBuilder())
+				.append("SimpleCustomLoginModule::").append(s).toString());
+	}
+}
--- a/code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalRealm.java
+++ b/code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalRealm.java
+/*
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ * 
+ * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ * 
+ * The contents of this file are subject to the terms of either the GNU
+ * General Public License Version 2 only ("GPL") or the Common Development
+ * and Distribution License("CDDL") (collectively, the "License").  You
+ * may not use this file except in compliance with the License. You can obtain
+ * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ * or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ * language governing permissions and limitations under the License.
+ * 
+ * When distributing the software, include this License Header Notice in each
+ * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ * Sun designates this particular file as subject to the "Classpath" exception
+ * as provided by Sun in the GPL Version 2 section of the License file that
+ * accompanied this code.  If applicable, add the following below the License
+ * Header, with the fields enclosed by brackets [] replaced by your own
+ * identifying information: "Portions Copyrighted [year]
+ * [name of copyright owner]"
+ * 
+ * Contributor(s):
+ * 
+ * If you wish your version of this file to be governed by only the CDDL or
+ * only the GPL Version 2, indicate your decision by adding "[Contributor]
+ * elects to include this software in this distribution under the [CDDL or GPL
+ * Version 2] license."  If you don't indicate a single choice of license, a
+ * recipient has the option to distribute your version of this file under
+ * either the CDDL, the GPL Version 2 or to extend the choice of license to
+ * its licensees as provided above.  However, if you add GPL Version 2 code
+ * and therefore, elected the GPL Version 2 license, then the option applies
+ * only if the new code is made subject to such option by the copyright
+ * holder.
+ */
+package fi.insomnia.bortal;
+import java.util.Enumeration;
+import java.util.Properties;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import com.sun.appserv.security.AppservRealm;
+import com.sun.enterprise.security.auth.realm.BadRealmException;
+import com.sun.enterprise.security.auth.realm.InvalidOperationException;
+import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
+import com.sun.enterprise.security.auth.realm.NoSuchUserException;
+import fi.insomnia.bortal.beans.SessionHandlerBeanRemote;
+/**
+ * 
+ * @author nithyasubramanian SampleRealm - class extending AppservRealm Sample
+ *         Custom Realm Class that stores user-group information
+ */
+public class BortalRealm extends AppservRealm {
+//	private static final Logger logger = LoggerFactory.getLogger(BortalRealm.class);
+	/**
+	 * Initialization - set the jaas-context property, Set UserA to devGroup and
+	 * user B to testGroup
+	 * 
+	 * @param properties
+	 *            - Key-Value pairs defined in the Realm
+	 * @throws com.sun.enterprise.security.auth.realm.BadRealmException
+	 * @throws com.sun.enterprise.security.auth.realm.NoSuchRealmException
+	 */
+	public void init(Properties properties)
+			throws BadRealmException, NoSuchRealmException {
+		super.init(properties);
+		log("Init SampleRealm");
+		String propJaasContext = properties.getProperty(JAAS_CONTEXT_PARAM);
+		if (propJaasContext != null) {
+			setProperty(JAAS_CONTEXT_PARAM, propJaasContext);
+		}
+	}
+	/**
+	 * 
+	 * @return authType
+	 */
+	public String getAuthType() {
+		return "Omnia Lan system authentication Realm";
+	}
+	/**
+	 * 
+	 * @param user
+	 * @return Enumeration - List of groups to which user belongs
+	 * @throws com.sun.enterprise.security.auth.realm.InvalidOperationException
+	 * @throws com.sun.enterprise.security.auth.realm.NoSuchUserException
+	 */
+	public Enumeration<String> getGroupNames(String user)
+			throws InvalidOperationException, NoSuchUserException {
+		return getAuthBean().getGroupNames(user);
+	}
+	private static void log(String s) {
+		System.out.println((new StringBuilder()).append("SampleRealm::").
+				append(s).toString());
+	}
+	public static SessionHandlerBeanRemote getAuthBean() {
+		Object beanObj = null;
+		try {
+			beanObj = new InitialContext().lookup("java:global/LanBortal/LanBortalBeans/SessionHandlerBean!fi.insomnia.bortal.beans.SessionHandlerBeanRemote");
+		} catch (NamingException e) {
+			log("Error fetching LoginHandlerRemote bean from initial context");
+			e.printStackTrace();
+			return null;
+		}
+		if (beanObj instanceof SessionHandlerBeanRemote) {
+			return (SessionHandlerBeanRemote) beanObj;
+		}
+		return null;
+	}
+}
--- a/code/LanBortalBeans/ejbModule/META-INF/sun-ejb-jar.xml
+++ b/code/LanBortalBeans/ejbModule/META-INF/sun-ejb-jar.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
 <sun-ejb-jar>
-  <enterprise-beans/>
+	<security-role-mapping>
+		<role-name>admin</role-name>
+		<group-name>admin</group-name>
+	</security-role-mapping>
+	<enterprise-beans />
 </sun-ejb-jar>
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java
 package fi.insomnia.bortal.beans;
+import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Set;
+import java.util.Vector;
+import javax.annotation.Resource;
+import javax.annotation.security.DeclareRoles;
 import javax.ejb.EJB;
+import javax.ejb.SessionContext;
 import javax.ejb.Stateless;
 import org.slf4j.Logger;
@@ -22,7 +28,8 @@ import fi.insomnia.bortal.model.User;
 * Session Bean implementation class SessionHandlerBean
 */
 @Stateless
-public class SessionHandlerBean implements SessionHandlerBeanLocal {
+@DeclareRoles("admin")
+public class SessionHandlerBean implements SessionHandlerBeanLocal, SessionHandlerBeanRemote{
    private static final Logger logger = LoggerFactory.getLogger(SessionHandlerBean.class);
    @EJB
@@ -31,7 +38,10 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal {
    private AccessRightFacade accessRightFacade;
    @EJB
    private RoleFacade roleFacade;
+    @Resource 
+    SessionContext context;
    /**
     * Default constructor.
     */
@@ -118,4 +128,24 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal {
        }
        return defaultUser;
    }
+    public void testing()
+    {
+        Principal principal = context.getCallerPrincipal();
+        logger.warn("principal {}",principal.getName());
+        logger.warn("Principal in admin: {}",context.isCallerInRole("admin"));
+    }
+    @Override
+    public boolean authenticate(String username, String password) {
+        return (tryLogin(username,password) != null);
+    }
+    @Override
+    public Enumeration<String> getGroupNames(String user) {
+        Vector<String> foo = new Vector<String>();
+        foo.add("admin");
+        return foo.elements();
+    }
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/GenericFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/GenericFacade.java
@@ -12,7 +12,7 @@ import fi.insomnia.bortal.model.ModelInterface;
 /**
 * Session Bean implementation class GenericFacade
 */
-public abstract class  GenericFacade<PK,T extends ModelInterface<PK>> implements GenericFacadeLocal<PK,T> {
+public abstract class GenericFacade<PK,T extends ModelInterface<PK>> implements GenericFacadeLocal<PK,T> {
    private Class<T> entClass;
    public GenericFacade(Class<T>entityClass)
@@ -26,19 +26,21 @@ public abstract class  GenericFacade<PK,T extends ModelInterface<PK>> implements
    protected abstract EntityManager getEm();
+    @Override
    public void create(T entity) {
        getEm().persist(entity);
    }
+    @Override
    public void remove(T entity) {
        getEm().remove(entity);
    }
+    @Override
    public T merge(T entity) {
        return getEm().merge(entity);
    }
-    public T find(Object id) {
+    public T find(PK id) {
        return getEm().find(getEntityClass(), id);
    }

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
@@ -26,7 +26,11 @@ public class UserFacade extends IntegerPkGenericFacade<User> {
    }
    public User findByLogin(String login) {
-        TypedQuery<User> q = em.createNamedQuery("User.findByLogin", User.class);
+        //TODO: Bug in glassfish.... change when fixed...
+//        TypedQuery<User> q = em.createNamedQuery("User.findByLogin", User.class);
+//        q.setParameter("login", login);
+//        return q.getSingleResult();
+        TypedQuery<User> q = em.createQuery("SELECT u FROM User u WHERE u.login = :login", User.class);
        q.setParameter("login", login);
        return q.getSingleResult();
    }

--- a/code/LanBortalBeansClient/UserBeanLocal.java
+++ b/code/LanBortalBeansClient/UserBeanLocal.java
-package fi.insomnia.bortal.beans;
-import javax.ejb.Local;
-@Local
-public interface UserBeanLocal {
-}
--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/RoleBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/RoleBeanLocal.java
@@ -7,6 +7,7 @@ package fi.insomnia.bortal.beans;
 import fi.insomnia.bortal.model.Role;
 import java.util.List;
 import javax.ejb.Local;
 /**

--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanLocal.java
@@ -3,7 +3,7 @@ import javax.ejb.Local;
 import fi.insomnia.bortal.model.User;
-@Local
+@Local 
 public interface SessionHandlerBeanLocal {
@@ -18,4 +18,6 @@ public interface SessionHandlerBeanLocal {
    User tryLogin(String username, String password);
    User getDefaultUser();
+    void testing();
 }
--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanRemote.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanRemote.java
+package fi.insomnia.bortal.beans;
+import java.util.Enumeration;
+import javax.ejb.Remote;
+@Remote
+public interface SessionHandlerBeanRemote {
+    boolean authenticate(String username, String password);
+    Enumeration<String> getGroupNames(String user);
+}
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/PasswordFunctions.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/PasswordFunctions.java
@@ -44,10 +44,12 @@ public class PasswordFunctions {
 	public static boolean checkPlainPassword(String plainPassword,
 			String saltedPassword) {
 		String oldBase64 = saltedPassword.substring("{SSHA}".length());
 		String decodedHashedAndSalt;
 		try {
 			decodedHashedAndSalt = new String(decoder.decodeBuffer(oldBase64));
+			logger.debug("HashAndSalt: {}", decodedHashedAndSalt);
 		} catch (IOException e) {
 			logger.error("Something awful happened...", e);
 			return false;
@@ -64,7 +66,7 @@ public class PasswordFunctions {
 	}
 	private static int getSaltLenght() {
-		return 8;
+		return 4;
 	}
 	private static String generateSalt() {

--- a/code/LanBortalWeb/WebContent/WEB-INF/sun-web.xml
+++ b/code/LanBortalWeb/WebContent/WEB-INF/sun-web.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
 <sun-web-app error-url="">
-  <context-root>/LanBortalWeb</context-root>
+	<context-root>/LanBortalWeb</context-root>
-  <class-loader delegate="true"/>
+	<security-role-mapping>
-  <jsp-config>
+		<role-name>admin</role-name>
-    <property name="keepgenerated" value="true">
+		<group-name>admin</group-name>
-      <description>Keep a copy of the generated servlet class java code.</description>
+	</security-role-mapping>
-    </property>
+	<security-role-mapping>
-  </jsp-config>
+		<role-name>user</role-name>
+		<group-name>user</group-name>
+	</security-role-mapping>
+	<class-loader delegate="true" />
+	<jsp-config>
+		<property name="keepgenerated" value="true">
+			<description>Keep a copy of the generated servlet class java code.</description>
+		</property>
+	</jsp-config>
 </sun-web-app>
--- a/code/LanBortalWeb/WebContent/WEB-INF/web.xml
+++ b/code/LanBortalWeb/WebContent/WEB-INF/web.xml
@@ -33,13 +33,31 @@
 		<filter-name>HostnameFilter</filter-name>
 		<servlet-name>Faces Servlet</servlet-name>
 	</filter-mapping>
+	<login-config>
+		<auth-method>FORM</auth-method>
+		<realm-name>testirealmi</realm-name>
+		<form-login-config>
+			<form-login-page>/generic/login.jsf</form-login-page>
+			<form-error-page>/generic/loginError.jsf</form-error-page>
+		</form-login-config>
+	</login-config>
+	<security-role>
+		<role-name>admin</role-name>
+	</security-role>
+	<security-role>
+		<role-name>user</role-name>
+	</security-role>
 	<security-constraint>
 		<web-resource-collection>
 			<web-resource-name>forbidden</web-resource-name>
 			<url-pattern>*.xhtml</url-pattern>
 		</web-resource-collection>
 		<auth-constraint>
-			<description>asdasd</description>
+			<description>Thou shall not read the sources..</description>
 		</auth-constraint>
 	</security-constraint>

--- a/code/LanBortalWeb/WebContent/auth/login.xhtml
+++ b/code/LanBortalWeb/WebContent/auth/login.xhtml
+<!DOCTYPE html 
+     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:users="http://java.sun.com/jsf/composite/tools/user" xmlns:c="http://java.sun.com/jsp/jstl/core">
+<h:head>
+	<title></title>
+</h:head>
+<h:body>
+	<ui:composition template="/layout/default-template.xhtml">
+		<ui:define name="title">CreateUser</ui:define>
+		<ui:define name="header">Add new user</ui:define>
+		<ui:define name="content">
+			<
+			<form method="post" action="j_security_check">
+			<table border="0">
+				<tr>
+					<td>#{i18n['login.username']}</td>
+					<td><input type="text" name="j_username" /></td>
+				</tr>
+				<tr>
+					<td>#{i18n['login.password']}</td>
+					<td><input type="password" name="j_password" /></td>
+				</tr>
+			</table>
+			<input type="submit" value="#{i18n['login.submit']}" />
+			</form>
+		</ui:define>
+		<ui:define name="footer">footer</ui:define>
+	</ui:composition>
+</h:body>
+</html>
\ No newline at end of file
--- a/code/LanBortalWeb/WebContent/auth/logout.xhtml
+++ b/code/LanBortalWeb/WebContent/auth/logout.xhtml
+<!DOCTYPE html 
+     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:users="http://java.sun.com/jsf/composite/tools/user" xmlns:c="http://java.sun.com/jsp/jstl/core">
+<h:head>
+	<title></title>
+</h:head>
+<h:body>
+	<ui:composition template="/layout/default-template.xhtml">
+		<ui:define name="title">CreateUser</ui:define>
+		<ui:define name="header">Add new user</ui:define>
+		<ui:define name="content">
+			Logged out.${userView.logout() }
+		</ui:define>
+		<ui:define name="footer">footer</ui:define>
+	</ui:composition>
+</h:body>
+</html>
\ No newline at end of file
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
@@ -24,10 +24,10 @@ import fi.insomnia.bortal.model.User;
 @ManagedBean(name = "userView")
 @SessionScoped
 public class UserView {
    @ManagedProperty("#{sessionHandler}")
    private SessionHandler sessionhandler;
    @EJB
    private SessionHandlerBeanLocal sessionbean;
@@ -46,8 +46,6 @@ public class UserView {
        return "userEdit";
    }
    public String getLocale() {
        return "en_ST_v7";
    }
@@ -79,6 +77,7 @@ public class UserView {
    }
    public ListDataModel<User> getUsers() {
+        sessionbean.testing();
        List<User> users = userBean.getUsers();
        items = new ListDataModel<User>(users);
        logger.info("Fetching users. Found {}", items.getRowCount());
@@ -111,6 +110,7 @@ public class UserView {
    public User getUser() {
        return user;
    }
    public void setSessionhandler(SessionHandler sessionhandler) {
        this.sessionhandler = sessionhandler;
    }
@@ -118,4 +118,15 @@ public class UserView {
    public SessionHandler getSessionhandler() {
        return sessionhandler;
    }
+    public void logout() {
+        FacesContext ctx = FacesContext.getCurrentInstance();
+        HttpSession sess = (HttpSession) ctx.getExternalContext().getSession(false);
+        if(sess != null)
+        {
+            logger.warn("Inalidating session");
+            sess.invalidate();
+        }
+    }
 }