I have a login form that collects a username and password then calls the 'login' method of the backingbean. How should I handle failed attempts? I'd like to be as descriptive as possible and not have to redirect the user to a different page. Right now I have the following set up:
Should I be doing the password/username varification in a validator? Seems risky...
Thank you for your time, -D.P.
[ January 20, 2006: Message edited by: Daniel Prene ] [ January 20, 2006: Message edited by: Daniel Prene ]
You could create your own validator for login. I don't know what you mean by risky though.
The way I usually do it is in some business logic. My login method just calls my own means of authentication which is usually a helper class that hits the DB for credentials. If anything fails, I simply navigate to the same login page and display an appropriate error message on that screen.