This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes JSF and the fly likes How to implement Session Tracking Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "How to implement Session Tracking" Watch "How to implement Session Tracking" New topic
Author

How to implement Session Tracking

Gvn Karthik
Greenhorn

Joined: Feb 07, 2011
Posts: 22
I'm new to session tracking. So, need some detailed advice.

I'm having two beans - UserBean(session scope) and StudentDetailsBean(request scope) and I have two JSP pages. In the first JSP page, a user has to login. If the login is successful, then the second JSP page comes up which asks for student details. These details are inserted into the corresponding table in the database. But, in that table, I need to insert the student's userId also which I have to get from the session bean (Userbean.userId). UserId is an attribute of UserBean and not of StudentDetailsBean

What should I add to the code in the StudentDetailsBean that will extract the session variable (UserId) so that I can insert the appropriate UserId for every successful login?

Please let me know how to do this as I haven't used JSF for session tracking earlier.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16019
    
  20

Writing your own security system is a bad idea. First and foremost, since you'd be the first person I've seen since I started working with J2EE somewhere around 1998 if you actually managed to make a secure security system. Most people's "security systems" are about as secure as soggy cardboard, and that includes the "clever" ones.

Secondly, you don't HAVE to code user-detection logic in when you use the J2EE builtin security. When you let the container manage the primary security functions, it will not long handle the login process, you can easily tell if you're logged in and under what ID just by looking at the HttpServletContext getUser and getUserPrincipal methods, If they return null, you're not logged in. Otherwise, you'll have the guaranteed correct login ID without fear that it was spoofed.


Customer surveys are for companies who didn't pay proper attention to begin with.
Gvn Karthik
Greenhorn

Joined: Feb 07, 2011
Posts: 22
I'm not building a security system here. I just need to know how the whole concept of session tracking works. What I gave was a simple example. I wanted to know how data from session variables can be accessed in a bean class. I know that I have to use HttpSession but I could not figure out how to use it exactly. So, I need help in that aspect.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16019
    
  20

Well, login is a bad example to use, despite the fact that far too many Java books do so anyway.

Like I said, the builtin security system has a builtin security API, so you wouldn't be getting the user ID from a session variable, you'd be getting it from a security method.

On a broader basis, however, the only difference between HTTPSession objects and JSF session objects is that JSF has automatically constructed and initialized (via property setters) the session object automatically, whereas in a servlet or JSP, you'd have to do the job manually.

A JSF session bean can be injected into another JSF bean of equal or higher scope (session or application) using the JSF Managed Property option - either coded as part of the target bean definition in faces-config.xml or via annotations (JSF2 and later).

A non-JSF session bean has to be found the hard way by getting the HttpServletRequest object from the FacesContext and applying the getSession().getAttribute() method chain. I keep a separate JSF utility class that I can employ for that kind of stuff. It helps keep JSF-specific code out of my backing beans and makes it easier to unit-test components offline.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: How to implement Session Tracking