• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Strange authentication behaviour

 
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear all,

I'm new to Java EE and I'm sorry if this is a stupid question. I created an application using Java EE 6 and Glassfish 3.1.2. I want that to access to some pages an user supply username and password. All works fine except for a strange (for me) behaviour. I have the following web.xml:



I use the following JSF like a menu to access the pages (I called it welcome.xhtml):



And this is a snippet of UserController.java that should render the JSF pages:



The problem is that: if I enter in the browser address field localhost:8080//Projectname/admin/createUser.xhtml I obtain the login page request. But if I click on one of the links of the welcome.xhtml the browser render the corresponding page without asking me for a login and in the browser address remains localhost:8080//Projectname/welcome.xhtml#. Where is the problem?

Thanks in advance
 
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Enrico!

I see a couple of problems in basic JSF, although they probably don't relate to what you are asking. Firstly, Backing beans are NOT Controllers. They are Models. So I cringe when I see beans named "xxxController". Also, action EL expressions should be coded as references, not as "programming". So the "()" should be omitted. And you are confusing resource paths with URL paths. When a JSF navigation is done, you should be requesting the URL (*.jsf), not the resource associated with the URL (*.xhtml file).

As far as security issues go, the container security system maps against URLs, not against resource paths. This can be an especial problem in JSF, since ordinarily the URL in the browse navigation bar retards behind the resource being accessed. To force that URL to be in sync, add the "redirect" navigation option to your action method results.
 
Enrico Morelli
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Tim,

I follow a book where the author call Controller these objects. I'm trying to learn about Java EE and understand what you wrote (sorry but it's not easy for me). There are a lot of informations, but are scattered and not uniform, many examples doesn't works. It is difficult to find a book or resource that explain easy the concepts and how to write good applications using models, relations, beans, jsf, etc. I tryed to read the manuals from Oracle, but goes too inside and without examples it's difficult to understand the concepts. Did you know some good resources? I like Java EE but when I solve a problem another is ready to be solved and I'm frustrating to spend a lot of time trying to understand why something doesn't works and find nothing (like in this case).
 
Ranch Hand
Posts: 514
1
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Enrico!

I was in your situation about half an year ago. I think that it is good to start JavaEE with oracle official tutorial http://docs.oracle.com/javaee/6/tutorial/doc/javaeetutorial6.pdf
Why?
It is big!
It gives short, basic overview of main JavaEE technologies which are all followed by simple examples !
Finally at the end you are presented with two web applications and one big (as for beginner) enterprise application.
Applications are really useful because they cover all of what you learned throught the book.
These case studies can give you good ground to start doing your own webapp

If you are planning to go further with JSF you should read four series of JSF for nonbelievers.
I myself covered the book on JSF 'The complete reference of JSF2.0'. It seems to me that this was not worthy.
Better to develop with extension of JSF like RichFaces. It is much easier !!!
I decided to do my webapp with plain JSF and I should say it does not look as good as it could be with built-in components of RichFaces

Finally many people (like Tim Holloway) use Spring. Tutorial I recommended does not cover Spring at all ! Instead it covers EJB !

The best way to study is to develop your own webapp!
 
Tim Holloway
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One of the problems of modern life is that it's hard to find good books on anything highly technical, and when you do, they are often out-of-date. And, unfortunately, authors are not perfect (although some of my fellow bartender/authors might disagree ), so they do misunderstand concepts sometimes, and, being authors, pass those misunderstandings along. Although the one thing I wish they WOULD stop doing is using DIY login screens for examples. DIY security is garbage.

I've been asked to write stuff occasionally. Even published the odd article or 2. But it's too much like work. I'd rather program.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic