• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

multi tab problem

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi everyone,


I have developed a web application using JSF 1.2. It has a login page and some other pages that users can see them after log in.
But every time when users press ctrl+t(opens a new tab) the application asks users to log in to proceed. But i want to do it work without asking users to enter their credentials if the user has already logged in. And be able to see the page as in the other tab

Do you have any recommendations about this problem?

Thanks
 
Saloon Keeper
Posts: 27764
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes. Don't invent your own security system. This is just one of many problems you'll have. And welcome to the JavaRanch, Igor!

If you hang around here for long you'll see a lot of me ranting on home-made login systems. It's because they just don't work. Unfortunately, it seems like almost every Java book out there has examples with user-defined logins in them. But I've been working with J2EE since before JSPs were even invented, and I've never seen a single do-it-yourself security system that was really secure. Most of them aren't secure at all, in fact. They're like a house with a lock on the front door and no door on the back door. They're also expensive to maintain, extra work to code and debug, and - well, I'm up to about 12 reasons why doing your own security system is just plain bad.

There's a login/security system that comes as part of the J2EE security standard, and it won't force people to login multiple times. It's good enough "as is" for most applications, and there are some good pre-coded/pre-debugged security frameworks that can work with it if you need more.

Security is hard work. It's better to take advantage of someone else's hard work. Especially since the people who designed the J2EE standard security system were security professionals.
 
igor ivanovic
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Tim Holloway,

Really thanks for your reply. Could you please list the names of those login\security systems and if possible some links mentioned about them

Thanks
 
Tim Holloway
Saloon Keeper
Posts: 27764
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can find documentation on the basic J2EE container-managed security system in any decent book on J2EE that covers servlets and JSPs. Like I said, the majority of webapps don't need any more than that.

Really complex apps often use the Spring Framework for infrastructure, and Spring can enhance basic J2EE security using the aecgi security package. For details on that, visit the springframework.org website.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic