Last week, we had the author of TDD for a Shopping Website LiveProject. Friday at 11am Ranch time, Steven Solomon will be hosting a live TDD session just for us. See for the agenda and registration link
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

checking whether user logged in or not

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am very new to JSF and I am trying to do the following:

1> login.jsp - get username and password and redirecto welcome.jsp on success
on failure return to login.jsp but with error message on the screen..


2> when the user tries to open to some other page which requires user to be logged in before opening it, in this case how would I check whether user has logged in or not.. I know i can get the user bean information from the session or face context.. but I don't want to put this check in all my jsp pages.. I am looking for a cleaner way..

I have a userbean class with a login function which gets called when user press login button. It return success/failure.

I am aware that it is possible to check the login at the validation stage itself.. but I am not sure of the right approach.. Please help!

Thanks alot!
 
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This can be done in different ways.

You can create a Filter that verifies every request if the user is logged in and redirect the user to a page if it is not logged in.

You can authorize acces to the pages through the web.xml in which you define which roles can access which pages, but for this you should read about JAAS here.

I think the best way to do this is through JAAS, is cleaner and is not reaaly hard to use it.

If you have any questions don't hesitate to ask.
[ July 15, 2008: Message edited by: Andres Quinones ]
 
Gopi Chand
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Andres,

Thanks for your answer! I am not really happy with the form based security check which comes without any considerable coding effort. But if my site has lot of users, I really don't want to put 100,000 user names in a xml file.

I am looking for a more elegant solution.. Probably servlet filter based solution looks good to me..

Comments?

Thanks,
CG
 
Andres Quinones
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Gopi, you will not have to put 100,000 user in your xml file, because it is handle with roles for those users. I think is the best and cleanest way to manage your authorization process.

The filter is the other way but your application performance could decrease.
 
Won't you please? Please won't you be my neighbor? - Fred Rogers. Tiny ad:
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earth
https://coderanch.com/t/751654/free-earth-friendly-heat-kickstarter
reply
    Bookmark Topic Watch Topic
  • New Topic