This week's book giveaway is in the Programmer Certification forum.
We're giving away four copies of OCP Oracle Certified Professional Java SE 11 Programmer I Study Guide: Exam 1Z0-815 and have Jeanne Boyarsky & Scott Selikoff on-line!
See this thread for details.
Win a copy of OCP Oracle Certified Professional Java SE 11 Programmer I Study Guide: Exam 1Z0-815 this week in the Programmer Certification forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Paweł Baczyński
  • Piet Souris
  • Vijitha Kumara

Validations for a simple login page

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am new to JSF. I am using JDeveloper to create a JSF application.

I developed a simple login application.

login page contains user name input box, pass word input box and a login button.

I used pre-defined validations. So when i clicked login button its validating properly.

But when i introduced a new button (commandlink button) called Forgot Password?, and i would like to add validations only to user name not for password.

so when user clicks on "forgot password?" button, it should validate username only.

But for my surprise its validating both username and password.

I would like to know, How to acheive this functinality.

Could you please suggest me your thoughts on this?
 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

this is a normal behaviour because of the lifecycles of JSF Application.
Because all validations are done before the actionmethods are running.

In your case i would disable the validation of the password field.

When the login is managed with an action of a login button and not within the validator of the password field there shoul be no problem.

Empty Password -> no login

best regards
jörg
 
Saloon Keeper
Posts: 21266
138
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The best way is not to write your own login code and use the Java web security system instead. Do-it-Yourself security systems are almost always horribly insecure - security programming is a specialized concept that requires proper training and the ability to think like a truly evil person. Most "real world" web projects treat security as more of an afterthought that has to be done, but done quickly and without a lot of review, since it's not "useful" code.

I'm a little extra sensitive on that topic because in the last week, I've been bombarded with email security alerts from some of the most respected names in the IT industry telling me my passwords may have been stolen. Just this morning I read about security problems with Google apps and a hack to Network Systems. And Network Systems has already had one major breach recently.

So it's time to forget about "toy" security systems. The stuff that comes standard with J2EE was designed and reviewed by security professionals and has had quite a few years to shake down. It's never had a significant failure that I've heard of. And while it might seem awkward and limited, it's actually quite adaptable.

OK, so much for the rant.

It's a fundamental design constraint in JSF that no part of any backing bean may be updated unless ALL parts pass validation. There are 2 primary solutions to that:

1. Place the different controls in different forms. Only one form can be submitted per request, and data in the other forms is ignored, so it won't matter if the data in those forms is not valid.

2. Remove validation. That kind of defeats the idea, but it eliminates the problem.
 
srinivas bokka
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you TIM and Joerg.



 
What's gotten into you? Could it be this tiny ad?
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!