File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSF and the fly likes actual way of login with session management Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "actual way of login with session management" Watch "actual way of login with session management" New topic

actual way of login with session management

kreetika gj

Joined: May 29, 2010
Posts: 2
hello friends,

m just coming to develop the application using jsf/richfaces1.2 with managedbean and also the ejb module

in my application there is one ejb module including entity bean,session bean and web service
and thr is web module with jsf framework..

m getting confused at this point...tht how to check for valid user while login
and if user valid then create session for tht user..

as i have written the collection method which gets all username and password from the database table..

bt how can i check for the condition of valid user from database?..
well i thought to write in managed bean bt nt able to get reference of the inputtext fields from the jsf page..

please guide me for this confusion by giving d example..

also one question do i need to take managed bean with session scope?

it is better to make the login with security from glassfish 4848 server?

many thanks..
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17417

It is MUCH better to let the server handle login. I have seen a lot of J2EE apps in the last 10 years, but I've yet to come across one with a user-designed security system that wasn't full of holes. It's far better to employ a pre-debugged, well-documented standard security architecture than it is to be "clever" and invent your own unique one with its own unique bugs. Although actually some of the bugs I've seen in DIY security were depressingly non-unique.

I'm really rather annoyed at the authors of Java books that start off their examples with a "login screen", since, as I've said, DIY security systems are rarely capable of withstanding 10 minutes worth of hacking.

An IDE is no substitute for an Intelligent Developer.
I agree. Here's the link:
subject: actual way of login with session management
It's not a secret anymore!