aspose file tools*
The moose likes JSF and the fly likes JSF Accessing Bean Data Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "JSF Accessing Bean Data" Watch "JSF Accessing Bean Data" New topic
Author

JSF Accessing Bean Data

Mitch Robinson
Ranch Hand

Joined: Oct 29, 2009
Posts: 30
Hi Guys,

I'm just starting out on my JSF learning journey and have a very simple application that i will be building on each time I learn something new.

I currently have 2 JSP pages, Login and Greeting. 1 Bean which is used to store the user information entered on the form in Login.jsp.I also have a loginHandler which I will be using to validate the details entered on the login.jsp.

My Question is, in my loginHandler.java what is the best method to access the LoginBean and use the get() methods on each variable?

Thanks,

Mitch
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16305
    
  21

Well, the truth of the matter is that as far as I'm concerned, the minute you decided to code login support as part of your application logic, you already set yourself up for trouble. J2EE has a fully-functional, well-debugged security-vetted authentication and authorization system built right into it, and it's more than adequate for most webapps. Conversely, most user-defined security systems I've run across have been buggy, insecure, and expensive to maintain.

However, I realize I'm just a lonely voice crying in the wilderness on that one. Worse yet, books continue to get published that propagate this weakness by providing sample apps with their own login code. Oh well, if I ever decide to take to a life of crime...

Regardless, the important thing to understand in JSF is that it's based on the Inversion of Control (IoC) model. You don't "get" objects in IoC, they're injected into your beans. So, for example, you'd setup faces-config to inject the LoginBean into the GreetingBean and create a setLoginBean() method in the GreetingBean. At that point, the GreetingBean can then access the injected LoginBean's properties using its getter/setter methods. The point being that the application logic doesn't hard-wire the 2 beans together. Instead the wiring is done via faces-config and no explicit service locator code is required.


Customer surveys are for companies who didn't pay proper attention to begin with.
Mitch Robinson
Ranch Hand

Joined: Oct 29, 2009
Posts: 30
Tim,

Thanks for the reply, I'm basically following a tutorial that describes how to do this, can you provide a link to some information on this built in J2EE authentication system? As it seems the best way of doing this I should learn the correct way of doing it.

And also thanks for the explanation on the beans, just a small question how would you "inject" the login bean into the greeting bean via faces-config.xml?

Again thanks for your help
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16305
    
  21

You can find good information on J2EE's container-based Authentication and Authorization system in pretty much any good book on basic J2EE. It's mostly managed by setting up roles and URL patterns in the web.xml file. Which is good, because by using URL patterns, you can bounce an attack before it even enters application code. However, there are also API functions such as the isUserInRole request method that can be used to fine-tune application code.

But you wouldn't be able to use it to do your experiments, since the actual security objects are hidden from the application for security reasons. There's no real equivalent to your LoginBean, only the user ID and the ability to verify (but not enumerate) roles. One reason why container-managed security is so secure is that it doesn't volunteer anything. So if you want user-related objects, you generally use the login userID as a key to retrieve user info from some sort of persistent store such as a database, LDAP, or web service. Since objects created that way are not display objects, JSF cannot manage them, just as it doesn't manage the database object model.

Injection of managed objects in JSF is simple.. Just add one or more "managed-property" elements to a managed bean's definition in faces-config. Each managed-property specifies the name of the property in the managed bean to set and references a managed resource using EL in order to provide the value to pass to the property setter method.
Mitch Robinson
Ranch Hand

Joined: Oct 29, 2009
Posts: 30
Thanks again Tim,

I found a link to an article regarding J2EE authentication and authorisation, I will look at using that when I get into more compelx examples. As at the moment I'm just getting used to the navigation etc, which is making quite a bit of sense so far.

In regards to the injection of the bean would it look something like the below code:-




Would I then need to add the greetingBean.java class, with its default constructor, getter and setter methods. Then within my LoginHandler referece the greetingBean.userid?

Sorry If I've got confused.
Mitch Robinson
Ranch Hand

Joined: Oct 29, 2009
Posts: 30
Tim,

Also can you recommend any books, preferably not one which uses incorrect authentication, authorisation?

Thanks
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16305
    
  21

Actually, assuming that the LoginBean is what's capturing the user ID and so forth, you'd inject the LoginBean into the GreetingBean so that the GreetingBean would be able to display messges like "Hello, userid!".



Mitch Robinson
Ranch Hand

Joined: Oct 29, 2009
Posts: 30
Thanks again,

I have the managed loginBean working from within the greetingBean. But now I need to perform some "validation" in my loginHandler class on the entered criteria, although I know this isn't the correct way to authenticate/authorise.




Also, can you recommend any tutorials for JSF that stay away from IDE specific examples as I prefer to learn the way to do the actual code rather than using IDE provided wizards etc?

Thank you,
Mitch
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JSF Accessing Bean Data