File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSF and the fly likes Login error in JSF 1.2 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "Login error in JSF 1.2" Watch "Login error in JSF 1.2" New topic

Login error in JSF 1.2

Skanda Raman
Ranch Hand

Joined: Mar 21, 2008
Posts: 205

I have a requirement to develop and form based login module using JSF 1.2. However, I am unable to understand like how to specify the success page in the navigation case. Below code snippet would help in understanding the issue. I am using Tomcat server for development.

If I access any protected resource like myhome.faces, initially I am pointed to login.faces to enter username and password and once authenticated I will be landed to myhome.jsp page. However, in case I enter wrong credentials, since I pointed it again back to login.faces with error as query string, I am landed to same page displaying error message. Below us my login.jsp

When I enter invalid credentials on url (http://localhost:8080/sampleapps/login.faces), it is directed to below URL with error message.


Below are my questions. Please help me.
1. In case of error credentials, I am directed to http://localhost:8080/sampleapps/j_security_check with error message, again when entering correct credentials, I am directed back to login.faces and not to index.faces.
2. I am using JSF 1.2. how can I direct to success page or failure page in this scenario as it is done in springs/struts.

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17421

When you use the J2EE Container-Managed security subsystem, you do not "Develop a login module". The "login module" is an integral part of the web application server. There are No User Servicable Parts inside. That is a large part of why it is so secure.

There isn't much point in attempting to write the login or loginfail pages in JSF, because of this. In many cases, the web application server cannot properly manage login or welcome pages in JSF in any event, since those pages do not have an actual external URL (j_security_check, for example, does not target a resource, it simply maintains the login conversation). And more critically, the webapp server (container) may not support routing such requests through the FacesServlet. Container-dispatched web pages work best when they are straight HTML or simple JSP.

Login in the J2EE security system does not support a post-login page, and I'm actually glad it does not, since a lot of times I bookmark critical URLs and I have no patience with navigating a lot of useless stuff if what I want is located at a specific bookmarkable URL. The J2EE container system will intercept requests to those URLs, and present a login screen if I am not already logged in, then proceed to send me directly to the page I want.

An IDE is no substitute for an Intelligent Developer.
I agree. Here's the link:
subject: Login error in JSF 1.2
It's not a secret anymore!