Win a copy of Node.js Design Patterns: Design and implement production-grade Node.js applications using proven patterns and techniques this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

JSF with Hibernate

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!
I´m new here and in Java as well.

I started a test application with jsf and hibernate to learn how they work.

I want to make a simple login page, i already have the data(user and pass) in a mysql db. All i need now is to validate the data inputed in the browser with the data on the db.
I know how to insert data in the db trough the browser... is there a similar way to extract and validate data or do i need a framework (maven,struts...) to achieve data validation?

Thanks in advance
Miguel
 
Ranch Hand
Posts: 65
Netbeans IDE Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't quite get what you're asking here, but you can do data validation without additional framework as you mentioned. You can do the validation in the database level (using a query), or in your java code (do a comparison) after you get the data from database and login page.
 
Saloon Keeper
Posts: 24337
167
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Miguel!

First, a caution. User-designed security systems are almost universally very insecure. Use a "login page" for learning, but if you want to keep intruders from eating your system, never write your own login/security code for actual Internet applications. Use a professionally-designed and tested security infrastructure such as the J2EE standard container security system.

You have confused validating data with validating credentials here. JSF itself contains many options for validating form data. Hibernate likewise has the ability to validate data before persisting it. In fact, the two validation systems can even be linked together so that Hibernate's validation can feed JSF's form validation.

But it sounds like what you really want to validate isn't the data, it's the credentials. That is, to verify that the login form (see warning above) has been supplied with a valid user ID/password combination.

When you click a JSF form submit button (commandLink), the action method that you define for the commandLink will be invoked, providing that ALL items on the form being submitted pass JSF validation. JSF validation is automatic and requires no user-written code, just specifications of constraints on the form View Template. Stuff like "required="true"" on inputText controls and any "f:validateXXXX" tags that you supply.

If and only if all input controls on the form are found valid by JSF, JSF will update the backing beans with the form values as directed by the "value=" attributes on the input form controls. Then the action method is invoked, and the action method can obtain the user id and password from their corresponding backing bean properties.

In security, the #1 rule is "volunteer NOTHING". Just ask the NSA. So for a user authentication, you don't fetch the user ID and password from the database, you ask the database whether there's a match on the submitted user ID/password.

In SQL terms:


If the returned count is "1", the credentials are valid. If the returned count is 0, the credential are not valid. Any other numbers would indicate that your database design is probably flawed.
 
Miguel Porto
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


I got the message, thank you very much.

I got excited with the (few) things i learned in hibernate and i thought i could make the login application like this.

Thank you for your posts!
Miguel
 
Did you miss me? Did you miss this tiny ad?
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic