wood burning stoves 2.0*
The moose likes JSF and the fly likes Validations for a simple login page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » JSF
Bookmark "Validations for a simple login page" Watch "Validations for a simple login page" New topic
Author

Validations for a simple login page

srinivas bokka
Greenhorn

Joined: Jul 05, 2009
Posts: 5
Hi,

I am new to JSF. I am using JDeveloper to create a JSF application.

I developed a simple login application.

login page contains user name input box, pass word input box and a login button.

I used pre-defined validations. So when i clicked login button its validating properly.

But when i introduced a new button (commandlink button) called Forgot Password?, and i would like to add validations only to user name not for password.

so when user clicks on "forgot password?" button, it should validate username only.

But for my surprise its validating both username and password.

I would like to know, How to acheive this functinality.

Could you please suggest me your thoughts on this?
Joerg Orlowski
Greenhorn

Joined: Mar 08, 2010
Posts: 2
Hi,

this is a normal behaviour because of the lifecycles of JSF Application.
Because all validations are done before the actionmethods are running.

In your case i would disable the validation of the password field.

When the login is managed with an action of a login button and not within the validator of the password field there shoul be no problem.

Empty Password -> no login

best regards
jörg
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16101
    
  21

The best way is not to write your own login code and use the Java web security system instead. Do-it-Yourself security systems are almost always horribly insecure - security programming is a specialized concept that requires proper training and the ability to think like a truly evil person. Most "real world" web projects treat security as more of an afterthought that has to be done, but done quickly and without a lot of review, since it's not "useful" code.

I'm a little extra sensitive on that topic because in the last week, I've been bombarded with email security alerts from some of the most respected names in the IT industry telling me my passwords may have been stolen. Just this morning I read about security problems with Google apps and a hack to Network Systems. And Network Systems has already had one major breach recently.

So it's time to forget about "toy" security systems. The stuff that comes standard with J2EE was designed and reviewed by security professionals and has had quite a few years to shake down. It's never had a significant failure that I've heard of. And while it might seem awkward and limited, it's actually quite adaptable.

OK, so much for the rant.

It's a fundamental design constraint in JSF that no part of any backing bean may be updated unless ALL parts pass validation. There are 2 primary solutions to that:

1. Place the different controls in different forms. Only one form can be submitted per request, and data in the other forms is ignored, so it won't matter if the data in those forms is not valid.

2. Remove validation. That kind of defeats the idea, but it eliminates the problem.


Customer surveys are for companies who didn't pay proper attention to begin with.
srinivas bokka
Greenhorn

Joined: Jul 05, 2009
Posts: 5
Thank you TIM and Joerg.



 
GeeCON Prague 2014
 
subject: Validations for a simple login page