• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to implement Session Tracking

 
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm new to session tracking. So, need some detailed advice.

I'm having two beans - UserBean(session scope) and StudentDetailsBean(request scope) and I have two JSP pages. In the first JSP page, a user has to login. If the login is successful, then the second JSP page comes up which asks for student details. These details are inserted into the corresponding table in the database. But, in that table, I need to insert the student's userId also which I have to get from the session bean (Userbean.userId). UserId is an attribute of UserBean and not of StudentDetailsBean

What should I add to the code in the StudentDetailsBean that will extract the session variable (UserId) so that I can insert the appropriate UserId for every successful login?

Please let me know how to do this as I haven't used JSF for session tracking earlier.
 
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Writing your own security system is a bad idea. First and foremost, since you'd be the first person I've seen since I started working with J2EE somewhere around 1998 if you actually managed to make a secure security system. Most people's "security systems" are about as secure as soggy cardboard, and that includes the "clever" ones.

Secondly, you don't HAVE to code user-detection logic in when you use the J2EE builtin security. When you let the container manage the primary security functions, it will not long handle the login process, you can easily tell if you're logged in and under what ID just by looking at the HttpServletContext getUser and getUserPrincipal methods, If they return null, you're not logged in. Otherwise, you'll have the guaranteed correct login ID without fear that it was spoofed.
 
Gvn Karthik
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm not building a security system here. I just need to know how the whole concept of session tracking works. What I gave was a simple example. I wanted to know how data from session variables can be accessed in a bean class. I know that I have to use HttpSession but I could not figure out how to use it exactly. So, I need help in that aspect.
 
Tim Holloway
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, login is a bad example to use, despite the fact that far too many Java books do so anyway.

Like I said, the builtin security system has a builtin security API, so you wouldn't be getting the user ID from a session variable, you'd be getting it from a security method.

On a broader basis, however, the only difference between HTTPSession objects and JSF session objects is that JSF has automatically constructed and initialized (via property setters) the session object automatically, whereas in a servlet or JSP, you'd have to do the job manually.

A JSF session bean can be injected into another JSF bean of equal or higher scope (session or application) using the JSF Managed Property option - either coded as part of the target bean definition in faces-config.xml or via annotations (JSF2 and later).

A non-JSF session bean has to be found the hard way by getting the HttpServletRequest object from the FacesContext and applying the getSession().getAttribute() method chain. I keep a separate JSF utility class that I can employ for that kind of stuff. It helps keep JSF-specific code out of my backing beans and makes it easier to unit-test components offline.
 
Doe, a deer, a female deer. Ray, a pockeful of sun. Me, a name, I call my tiny ad ...
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic