• Post Reply Bookmark Topic Watch Topic
  • New Topic

Authentication using EJB in JSF  RSS feed

 
Abhishek Uppala
Greenhorn
Posts: 10
Hibernate Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I am trying to achieve authentication for my web application developed using JSF in netbeans 6.5.

Now when i use ejb for authenticating the user i am facing the following problem:

whenever a user logs in from one machine and another user tries to access the web app, it is not directing the second user for login page but is directly taking the second user to home page and showing him as logged in with first user's user name. There is only session that is being created and every user is not getting their own session variable.

What I had done is: i created an ejb with both local and remote interfaces. I had made a business method in remote interface to set the user name after authenticating the user and also made a business method in local interface to get the user name whenever i require.

Kindly tell me why every user is not getting their own session variable? Is there anything else that I am missing in my logic


Thanks in advance
Abhishek Uppala
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch!

I've got a long list of reasons why I prefer to use container-based authentication and authorization instead of the do-it-yourself security approach, and this is one of them. The J2EE standard security system is already debugged, functional and documented. You're stuck trying to make a custom security manager work when you could be working on the business parts of the app, instead.

There's not really enough information there, but my best guess is that you're using an Entity EJB to manage the user's session and it sounds like everyone's getting the same EJB when you really need one EJB per user. If I were to roll my own A&A system, I'd make the primary key for the EJB be related to the user's login ID, then stuff the handle of the EJB into my HttpSession.
 
Abhishek Uppala
Greenhorn
Posts: 10
Hibernate Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Tim

I am a newbie to Java EJB so can you please elaborate on the suggestions you made.

Thank You
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!