• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

JSF Accessing Bean Data

 
Mitch Robinson
Ranch Hand
Posts: 30
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

I'm just starting out on my JSF learning journey and have a very simple application that i will be building on each time I learn something new.

I currently have 2 JSP pages, Login and Greeting. 1 Bean which is used to store the user information entered on the form in Login.jsp.I also have a loginHandler which I will be using to validate the details entered on the login.jsp.

My Question is, in my loginHandler.java what is the best method to access the LoginBean and use the get() methods on each variable?

Thanks,

Mitch
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17646
39
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, the truth of the matter is that as far as I'm concerned, the minute you decided to code login support as part of your application logic, you already set yourself up for trouble. J2EE has a fully-functional, well-debugged security-vetted authentication and authorization system built right into it, and it's more than adequate for most webapps. Conversely, most user-defined security systems I've run across have been buggy, insecure, and expensive to maintain.

However, I realize I'm just a lonely voice crying in the wilderness on that one. Worse yet, books continue to get published that propagate this weakness by providing sample apps with their own login code. Oh well, if I ever decide to take to a life of crime...

Regardless, the important thing to understand in JSF is that it's based on the Inversion of Control (IoC) model. You don't "get" objects in IoC, they're injected into your beans. So, for example, you'd setup faces-config to inject the LoginBean into the GreetingBean and create a setLoginBean() method in the GreetingBean. At that point, the GreetingBean can then access the injected LoginBean's properties using its getter/setter methods. The point being that the application logic doesn't hard-wire the 2 beans together. Instead the wiring is done via faces-config and no explicit service locator code is required.
 
Mitch Robinson
Ranch Hand
Posts: 30
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim,

Thanks for the reply, I'm basically following a tutorial that describes how to do this, can you provide a link to some information on this built in J2EE authentication system? As it seems the best way of doing this I should learn the correct way of doing it.

And also thanks for the explanation on the beans, just a small question how would you "inject" the login bean into the greeting bean via faces-config.xml?

Again thanks for your help
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17646
39
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can find good information on J2EE's container-based Authentication and Authorization system in pretty much any good book on basic J2EE. It's mostly managed by setting up roles and URL patterns in the web.xml file. Which is good, because by using URL patterns, you can bounce an attack before it even enters application code. However, there are also API functions such as the isUserInRole request method that can be used to fine-tune application code.

But you wouldn't be able to use it to do your experiments, since the actual security objects are hidden from the application for security reasons. There's no real equivalent to your LoginBean, only the user ID and the ability to verify (but not enumerate) roles. One reason why container-managed security is so secure is that it doesn't volunteer anything. So if you want user-related objects, you generally use the login userID as a key to retrieve user info from some sort of persistent store such as a database, LDAP, or web service. Since objects created that way are not display objects, JSF cannot manage them, just as it doesn't manage the database object model.

Injection of managed objects in JSF is simple.. Just add one or more "managed-property" elements to a managed bean's definition in faces-config. Each managed-property specifies the name of the property in the managed bean to set and references a managed resource using EL in order to provide the value to pass to the property setter method.
 
Mitch Robinson
Ranch Hand
Posts: 30
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks again Tim,

I found a link to an article regarding J2EE authentication and authorisation, I will look at using that when I get into more compelx examples. As at the moment I'm just getting used to the navigation etc, which is making quite a bit of sense so far.

In regards to the injection of the bean would it look something like the below code:-




Would I then need to add the greetingBean.java class, with its default constructor, getter and setter methods. Then within my LoginHandler referece the greetingBean.userid?

Sorry If I've got confused.
 
Mitch Robinson
Ranch Hand
Posts: 30
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim,

Also can you recommend any books, preferably not one which uses incorrect authentication, authorisation?

Thanks
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17646
39
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, assuming that the LoginBean is what's capturing the user ID and so forth, you'd inject the LoginBean into the GreetingBean so that the GreetingBean would be able to display messges like "Hello, userid!".



 
Mitch Robinson
Ranch Hand
Posts: 30
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks again,

I have the managed loginBean working from within the greetingBean. But now I need to perform some "validation" in my loginHandler class on the entered criteria, although I know this isn't the correct way to authenticate/authorise.




Also, can you recommend any tutorials for JSF that stay away from IDE specific examples as I prefer to learn the way to do the actual code rather than using IDE provided wizards etc?

Thank you,
Mitch
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic