aspose file tools*
The moose likes JSF and the fly likes multi tab problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "multi tab problem" Watch "multi tab problem" New topic
Author

multi tab problem

igor ivanovic
Greenhorn

Joined: May 23, 2009
Posts: 8
Hi everyone,


I have developed a web application using JSF 1.2. It has a login page and some other pages that users can see them after log in.
But every time when users press ctrl+t(opens a new tab) the application asks users to log in to proceed. But i want to do it work without asking users to enter their credentials if the user has already logged in. And be able to see the page as in the other tab

Do you have any recommendations about this problem?

Thanks
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16014
    
  20

Yes. Don't invent your own security system. This is just one of many problems you'll have. And welcome to the JavaRanch, Igor!

If you hang around here for long you'll see a lot of me ranting on home-made login systems. It's because they just don't work. Unfortunately, it seems like almost every Java book out there has examples with user-defined logins in them. But I've been working with J2EE since before JSPs were even invented, and I've never seen a single do-it-yourself security system that was really secure. Most of them aren't secure at all, in fact. They're like a house with a lock on the front door and no door on the back door. They're also expensive to maintain, extra work to code and debug, and - well, I'm up to about 12 reasons why doing your own security system is just plain bad.

There's a login/security system that comes as part of the J2EE security standard, and it won't force people to login multiple times. It's good enough "as is" for most applications, and there are some good pre-coded/pre-debugged security frameworks that can work with it if you need more.

Security is hard work. It's better to take advantage of someone else's hard work. Especially since the people who designed the J2EE standard security system were security professionals.


Customer surveys are for companies who didn't pay proper attention to begin with.
igor ivanovic
Greenhorn

Joined: May 23, 2009
Posts: 8
Hi Tim Holloway,

Really thanks for your reply. Could you please list the names of those login\security systems and if possible some links mentioned about them

Thanks
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16014
    
  20

You can find documentation on the basic J2EE container-managed security system in any decent book on J2EE that covers servlets and JSPs. Like I said, the majority of webapps don't need any more than that.

Really complex apps often use the Spring Framework for infrastructure, and Spring can enhance basic J2EE security using the aecgi security package. For details on that, visit the springframework.org website.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: multi tab problem