• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

checking whether user logged in or not

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am very new to JSF and I am trying to do the following:

1> login.jsp - get username and password and redirecto welcome.jsp on success
on failure return to login.jsp but with error message on the screen..


2> when the user tries to open to some other page which requires user to be logged in before opening it, in this case how would I check whether user has logged in or not.. I know i can get the user bean information from the session or face context.. but I don't want to put this check in all my jsp pages.. I am looking for a cleaner way..

I have a userbean class with a login function which gets called when user press login button. It return success/failure.

I am aware that it is possible to check the login at the validation stage itself.. but I am not sure of the right approach.. Please help!

Thanks alot!
 
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This can be done in different ways.

You can create a Filter that verifies every request if the user is logged in and redirect the user to a page if it is not logged in.

You can authorize acces to the pages through the web.xml in which you define which roles can access which pages, but for this you should read about JAAS here.

I think the best way to do this is through JAAS, is cleaner and is not reaaly hard to use it.

If you have any questions don't hesitate to ask.
[ July 15, 2008: Message edited by: Andres Quinones ]
 
Gopi Chand
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Andres,

Thanks for your answer! I am not really happy with the form based security check which comes without any considerable coding effort. But if my site has lot of users, I really don't want to put 100,000 user names in a xml file.

I am looking for a more elegant solution.. Probably servlet filter based solution looks good to me..

Comments?

Thanks,
CG
 
Andres Quinones
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Gopi, you will not have to put 100,000 user in your xml file, because it is handle with roles for those users. I think is the best and cleanest way to manage your authorization process.

The filter is the other way but your application performance could decrease.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic