This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
JSF is not JSP. So what you know about JSP may do you more harm than good.
JSF2 has built-in tiling facilities, for example. So it's easy to setup common page headers and footers. Also, since JSF is more of a true implementation of the Model/View/Controller paradigm that just about any web framework out there, you shouldn't be putting logic on the View (jsp). That's what Controllers are for.
I could rant at length on the whole idea of a dynamic logic page, since that implies that you're doing Do-It-Yourself webapp security and I strongly discourage that for most webapps. The J2EE framework security is more than sufficient for most webapps and a LOT more secure and it can automatically swap in login pages when they're needed. But that's another matter entirely.
If you're using PrettyFaces, you supply an action processor as part of the URL mapping in the pretty-config XML file. JSF actions return results that drive the navigation system, so you can select which page will be displayed based on what your action return value is.
An IDE is no substitute for an Intelligent Developer.
Note: my 10 fat little thumbs have betrayed me again. I meant to disparage dynamic login pages. Dynamic logic pages are bad enough, but - as I've said many times before - I've yet to run across a Do-It-Yourself security system that couldn't be cracked. Usually in under 10 minutes by relatively untalented people.
Joined: Aug 25, 2008
I couldn't agree more. Definitely take a look at an existing security package before you try to create your own authentication/authorization system. You will likely miss something and create a vulnerable application.
Forget "likely". Almost certainly. Even security professionals have been known to overlook things, and they have the tools and the training to do a much better job than people who are simply "clever".
However, if you have to put your money somewhere, it's a far better bet to go with the pros. Like I said, they have the resources to do a better job. Plus, they have the advantage that security isn't just another part of getting the product out - it is the product, so it gets undivided attention.
Thank you Tim and Lincoln , i'm student, i try to learn JSF and Pretty faces, sorry if my question is stupid think, i not have exp in web application before, but now i try to learn it
Thank for your advice !