1 Reply Latest reply: Apr 23, 2012 3:34 PM by lfd RSS

    Login Logic

    932609
      Hi all,

      I'm new to JSF and I am trying to figure out a way for my login functionality.
      I am basically doing the following:
      1. The login.xhtml contains the login form:

      <h:outputText value="#{msg.login_failed}" rendered="#{sessionManager.loginError}" />

      <h:form>
      <p:inputText value="#{sessionManager.username}" />
      <p:password value="#{sessionManager.password}" />
      <p:commandButton value="#{msg.login}" action="#{sessionManager.login()}" update="@all" />
      </h:form>


      2. In SessionManager I have the login logic:

      public String login() throws IOException {
      Integer sessionId = getSessionID(getUserName(), getPassword());
      if (sessionId == null) {
      setLoginError(true);
      else {
      setLoginError(false);
      setSessionId(sessionId);
      return "welcome";
      }
      return "login";
      }

      If the authentication goes well and the sessionId is not null then I get to the welcome page.
      However if the sessionId is null I see the login page again BUT any other attempt to submit the login form would do nothing. The login method in SessionManager is not reached any more (in debug mode). Should I maybe refresh the page somehow? Please give me a hand with the flow of actions...

      Cheers,
      P.

      Edited by: 929606 on Apr 23, 2012 9:40 AM
        • 1. Re: Login Logic
          lfd
          You should read the servlet spec section on security. Do not try to create your own login process. Instead, you should follow the servlet spec and use at least declarative security that is configured by your web container.