This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
Yes. Add a "styleClass" attribute to the control and make its value be an EL expression based on whether the password is right, empty, or wrong.
Although actually telling someone that their password specifically is wrong is considered bad security practice if the password is being combined with other security tokens such as userIDs. In such cases, the recommended response is simply to indicate that one or more of the tokens is invalid. Otherwise, hackers know which tokens they have that work and don't need to do as much work to find the values of the remaining tokens.
An IDE is no substitute for an Intelligent Developer.
when you keep a secret, the less information you give is the better, if you say "you password is wrong" at the same time the hacker says "ahh but the username is correct!" , then he just have to find the right password not both, or he can use this info that you leaked to find more usernames. For this reason is better just to say "Username or password incorrect"