Validations for a simple login page

Hi,

I am new to JSF. I am using JDeveloper to create a JSF application.

I developed a simple login application.

login page contains user name input box, pass word input box and a login button.

I used pre-defined validations. So when i clicked login button its validating properly.

But when i introduced a new button (commandlink button) called Forgot Password?, and i would like to add validations only to user name not for password.

so when user clicks on "forgot password?" button, it should validate username only.

But for my surprise its validating both username and password.

I would like to know, How to acheive this functinality.

Could you please suggest me your thoughts on this?

Hi,

this is a normal behaviour because of the lifecycles of JSF Application.
Because all validations are done before the actionmethods are running.

In your case i would disable the validation of the password field.

When the login is managed with an action of a login button and not within the validator of the password field there shoul be no problem.

Empty Password -> no login

best regards
jörg

The best way is not to write your own login code and use the Java web security system instead. Do-it-Yourself security systems are almost always horribly insecure - security programming is a specialized concept that requires proper training and the ability to think like a truly evil person. Most "real world" web projects treat security as more of an afterthought that has to be done, but done quickly and without a lot of review, since it's not "useful" code.

I'm a little extra sensitive on that topic because in the last week, I've been bombarded with email security alerts from some of the most respected names in the IT industry telling me my passwords may have been stolen. Just this morning I read about security problems with Google apps and a hack to Network Systems. And Network Systems has already had one major breach recently.

So it's time to forget about "toy" security systems. The stuff that comes standard with J2EE was designed and reviewed by security professionals and has had quite a few years to shake down. It's never had a significant failure that I've heard of. And while it might seem awkward and limited, it's actually quite adaptable.

OK, so much for the rant.

It's a fundamental design constraint in JSF that no part of any backing bean may be updated unless ALL parts pass validation. There are 2 primary solutions to that:

1. Place the different controls in different forms. Only one form can be submitted per request, and data in the other forms is ignored, so it won't matter if the data in those forms is not valid.

2. Remove validation. That kind of defeats the idea, but it eliminates the problem.

Thank you TIM and Joerg.