JSF+Spring+Hibernate Session Problem

Hi
When Iam Log in application onward opening a new tab it redirects to Login Page ..or Entereing the URL of login page it asks for log in user id pwd again .it does not check user name and pwd

My Web.xml is



<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/applicationContext.xml</param-value> </context-param> <context-param> <param-name>com.sun.faces.verifyObjects</param-name> <param-value>false</param-value> </context-param> <context-param> <param-name>com.sun.faces.validateXml</param-name> <param-value>true</param-value> </context-param> <context-param> <param-name>javax.faces.CONFIG_FILES</param-name> <param-value>/WEB-INF/faces-config.xml,/WEB-INF/faces-managed-beans.xml,/WEB-INF/faces-navigation.xml</param-value> </context-param> <context-param> <param-name>javax.faces.STATE_SAVING_METHOD</param-name> <param-value>client</param-value> </context-param> <context-param> <param-name>org.richfaces.SKIN</param-name> <param-value>blueSky</param-value> </context-param> <context-param> <param-name>com.backbase.bjsf.INVALIDATE_SESSION_ON_REFRESH</param-name> <param-value>false</param-value> </context-param> <!-- Richfaces filter entry here --> <filter> <display-name>Ajax4jsf Filter</display-name> <filter-name>richfaces</filter-name> <filter-class>org.ajax4jsf.Filter</filter-class> </filter> <filter-mapping> <filter-name>richfaces</filter-name> <servlet-name>Faces Servlet</servlet-name> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> </filter-mapping> <filter> <filter-name>MyFacesExtensionsFilter</filter-name> <filter-class>org.apache.myfaces.webapp.filter.ExtensionsFilter</filter-class> <init-param> <param-name>uploadMaxFileSize</param-name> <param-value>20m</param-value> </init-param> </filter> <!-- extension mapping for adding <script/>, <link/>, and other resource tags to JSF-pages --> <filter-mapping> <filter-name>MyFacesExtensionsFilter</filter-name> <servlet-name>Faces Servlet</servlet-name> </filter-mapping> <!-- extension mapping for serving page-independent resources (javascript, stylesheets, images, etc.) --> <filter-mapping> <filter-name>MyFacesExtensionsFilter</filter-name> <url-pattern>/faces/myFacesExtensionResource/*</url-pattern> </filter-mapping> <filter> <filter-name>sessionFilter</filter-name> <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class> <init-param> <param-name>sessionFactoryBeanName</param-name> <param-value>sessionFactory</param-value> </init-param> <init-param> <param-name>singleSession</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>sessionFilter</filter-name> <url-pattern>/faces/*</url-pattern> </filter-mapping> <servlet> <servlet-name>Faces Servlet</servlet-name> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>/faces/*</url-pattern> </servlet-mapping> <session-config> <session-timeout>30</session-timeout> </session-config> <welcome-file-list> <welcome-file>faces/login.jsp</welcome-file> </welcome-file-list> </web-app>



and faces.config.xml as folllows
===============================

<?xml version='1.0' encoding='UTF-8'?> <!-- =========== FULL CONFIGURATION FILE ================================== --> <faces-config version="1.2" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_1_2.xsd"> <validator> <validator-id>blankValidator</validator-id> <validator-class>pil.pdm.view.validator.BlankValidator</validator-class> </validator> <validator> <validator-id>duplicateProjectName</validator-id> <validator-class>pil.pdm.view.validator.DuplicateProjectName</validator-class> </validator> <validator> <validator-id>duplicateUserTypeName</validator-id> <validator-class>pil.pdm.view.validator.DuplicateUserTypeName</validator-class> </validator> <validator> <validator-id>duplicateDepartmentName</validator-id> <validator-class>pil.pdm.view.validator.DuplicateDepartmentName</validator-class> </validator> <validator> <validator-id>alphabeticValidator</validator-id> <validator-class>pil.pdm.view.validator.AlphabeticValidator</validator-class> </validator> <validator> <validator-id>emailValidator</validator-id> <validator-class>pil.pdm.view.validator.EmailValidator</validator-class> </validator> <validator> <validator-id>alphaNumericValidator</validator-id> <validator-class>pil.pdm.view.validator.AlphaNumericValidator</validator-class> </validator> <validator> <validator-id>zipCodeValidator</validator-id> <validator-class>pil.pdm.view.validator.ZipCodeValidator</validator-class> </validator> <validator> <validator-id>phoneNumberValidator</validator-id> <validator-class>pil.pdm.view.validator.PhoneNumberValidator</validator-class> </validator> <validator> <validator-id>compPassword</validator-id> <validator-class>pil.pdm.view.validator.CompPassword</validator-class> </validator> <validator> <validator-id>avoidDuplicateLoginId</validator-id> <validator-class>pil.pdm.view.validator.AvoidDuplicateLoginId</validator-class> </validator> <converter> <converter-id>phoneConverter</converter-id> <converter-class>pil.pdm.view.validator.PhoneConverter</converter-class> </converter> </faces-config>


------------
PLzz Help

"Aj Kr", please check your private messages regarding an important administrative matter.

Iam Trying to change my Name But not able to do it now will do it later np Thax

Please UseRealWords instead of something like np, thax...
And, don't forget to change the name before you post again on the forum.

Ok .Sure ..I Will Do it as per instruction ..But i Am Still Not getting the solution . :

Aj Kr wrote:Ok .Sure ..I Will Do it as per instruction ..But i Am Still Not getting the solution . :

Well, no you're not. And until you fix your display name, I'm not going to give one!

Sorry ! For Delay i Did it Now ..Thank You !

Thank you. And welcome to the JavaRanch!

When I first looked at this I thought you were using the web.xml security (container-managed security) and making a common mistake. Actually, it seems you're working with a Do-it-Yourself security system, which means that instead of being able to give advice on a well-documented standard, all I can do is recommend things to help you debug. Spend any time around the JavaRanch, and you'll hear plenty of ranting from me on why a DIY security system isn't a good thing. I have a fairly long list of reasons, but the most important one is that I've really never seen a DIY security system that was truly secure. Most of them, in fact, wouldn't hold off a real attacker for more than 5 minutes.

Nevertheless, DIY is popular, despite the expenses, both immediate and post-invasion. So here goes.

I can't see your total security infrastructure from these examples, but my suspicion lies in some basic JSF behaviors. When a JSF View posts data (such as a login form), the default behavior is to redisplay the View. That's different from most architectures. So a DIY JSF login form would typically need a login Action method that returns a value that can be used for navigation, such as "success" (user logged in OK) and "failure" (Login failed). The faces-config file then is consulted to find the appropriate navigation rules, which are typically to go to the user's home page :success", or to redisplay the login View ("failure"). Since the default is to redisplay the current View, an explicit failure rule is optional.

Actually, I didn't see any reference to a backing bean at all in your faces-config, so there was no obvious place for the login credentials to be passed, nor definition of a login action processor. Validators and converters are part of the MVC Controller framework and don't have business logic capabilities, so they're not sufficient to process logins.

Thank you ! But I Did not understand .can you advise me please some reference or what approach according to you i should follow . actually i have not worked much on here but now its My Responsibility to handle every thing and iam confused.Please guide me.

The problem is, you've apparently been saddled with the job but you don't even know where to catch the bus to go to work.

You need to find some beginning books on JavaServer Faces and learn how it works. Then you can worry about things like how to handle security and how to interface to Spring and Hibernate.

That's just a little more than we can cover in an online forum.

?

Micky Kr wrote:?