Strange authentication behaviour

Enrico Morelli
Ranch Hand

Joined: Jan 07, 2013
Posts: 30
Dear all,

I'm new to Java EE and I'm sorry if this is a stupid question. I created an application using Java EE 6 and Glassfish 3.1.2. I want a user to supply a username and password to access some pages. All works fine except for a strange (for me) behaviour. I have the following web.xml:

I use the following JSF like a menu to access the pages (I called it welcome.xhtml):

And this is a snippet of that should render the JSF pages:

The problem is this: if I enter localhost:8080//Projectname/admin/createUser.xhtml in the browser address field, I get the login page request. But if I click on one of the links of welcome.xhtml, the browser renders the corresponding page without asking me for a login, and the browser address remains localhost:8080//Projectname/welcome.xhtml#. Where is the problem?

Thanks in advance
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17423

Welcome to the JavaRanch, Enrico!

I see a couple of problems in basic JSF, although they probably don't relate to what you are asking. Firstly, Backing beans are NOT Controllers. They are Models. So I cringe when I see beans named "xxxController". Also, action EL expressions should be coded as references, not as "programming". So the "()" should be omitted. And you are confusing resource paths with URL paths. When a JSF navigation is done, you should be requesting the URL (*.jsf), not the resource associated with the URL (*.xhtml file).

As far as security issues go, the container security system maps against URLs, not against resource paths. This can be an especial problem in JSF, since ordinarily the URL in the browser navigation bar retards behind the resource being accessed. To force that URL to be in sync, add the "redirect" navigation option to your action method results.

An IDE is no substitute for an Intelligent Developer.
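
Added example, not part of the original thread and not the poster's code: a JSF 2 backing bean contrasting forward navigation, which leaves the browser on the unprotected welcome URL, with redirect navigation, which makes the browser request the protected URL so the container's constraint applies. The bean name `MenuBean`, the role name, and the `web.xml` fragment in the comment are assumptions, since the original listings did not survive on the page.

```java
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;

// Constructed example. Assumed declarative constraint in web.xml:
//
//   <security-constraint>
//     <web-resource-collection>
//       <web-resource-name>admin pages</web-resource-name>
//       <url-pattern>/admin/*</url-pattern>
//     </web-resource-collection>
//     <auth-constraint>
//       <role-name>admin</role-name>   <!-- assumed role name -->
//     </auth-constraint>
//   </security-constraint>
//
// The container evaluates this pattern against the URL the browser
// requests, not against the view that JSF ends up rendering.
@ManagedBean
@RequestScoped
public class MenuBean {

    // Forward navigation (the behaviour described in the question).
    // The link posts back to /welcome.xhtml, which matches no constraint,
    // and JSF renders /admin/createUser.xhtml inside that same request.
    // The address bar stays on welcome.xhtml and no login is requested.
    public String createUserForward() {
        return "/admin/createUser";
    }

    // Redirect navigation. JSF answers the postback with a redirect, the
    // browser issues a new GET for the /admin/ URL, and the container
    // matches it against /admin/* and asks for credentials.
    public String createUserRedirect() {
        return "/admin/createUser?faces-redirect=true";
    }
}

// In welcome.xhtml the action is a method reference without "()":
//
//   <h:form>
//     <h:commandLink value="Create user"
//                    action="#{menuBean.createUserRedirect}"/>
//   </h:form>
```

The URL the browser is redirected to depends on how the FacesServlet is mapped in `web.xml` (for example `*.xhtml` or `*.jsf`), so the constraint's `url-pattern` has to cover that mapped URL.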
Enrico Morelli
Ranch Hand

Joined: Jan 07, 2013
Posts: 30
Thanks Tim,

I follow a book where the author calls these objects Controllers. I'm trying to learn about Java EE and understand what you wrote (sorry but it's not easy for me). There is a lot of information, but it is scattered and not uniform, and many examples don't work. It is difficult to find a book or resource that explains the concepts simply and how to write good applications using models, relations, beans, JSF, etc. I tried to read the manuals from Oracle, but they go too deep and without examples it's difficult to understand the concepts. Do you know some good resources? I like Java EE, but when I solve a problem another is ready to be solved, and I'm frustrated at spending a lot of time trying to understand why something doesn't work and finding nothing (like in this case).
Volodymyr Lysenko
Ranch Hand

Joined: Mar 29, 2012
Posts: 511

Hello Enrico!

I was in your situation about half a year ago. I think that it is good to start Java EE with the official Oracle tutorial.
It is big!
It gives a short, basic overview of the main Java EE technologies, which are all followed by simple examples!
Finally, at the end you are presented with two web applications and one big (as for a beginner) enterprise application.
The applications are really useful because they cover all of what you learned throughout the book.
These case studies can give you good ground to start doing your own webapp.

If you are planning to go further with JSF you should read the four-part series JSF for nonbelievers.
I myself covered the book on JSF 'The complete reference of JSF2.0'. It seems to me that this was not worth it.
Better to develop with an extension of JSF like RichFaces. It is much easier!!!
I decided to do my webapp with plain JSF and I should say it does not look as good as it could with the built-in components of RichFaces.

Finally, many people (like Tim Holloway) use Spring. The tutorial I recommended does not cover Spring at all! Instead it covers EJB!

The best way to study is to develop your own webapp!

True person is moral, false is right!
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17423

One of the problems of modern life is that it's hard to find good books on anything highly technical, and when you do, they are often out-of-date. And, unfortunately, authors are not perfect (although some of my fellow bartender/authors might disagree), so they do misunderstand concepts sometimes, and, being authors, pass those misunderstandings along. Although the one thing I wish they WOULD stop doing is using DIY login screens for examples. DIY security is garbage.

I've been asked to write stuff occasionally. Even published the odd article or 2. But it's too much like work. I'd rather program.