JSF2 + EJB3 + JPA to perform authentication and authorization.

 
Greenhorn
Hi,

I am not able to execute the program... please help me.
I am new to JPA... I tried to use JPA instead of JDBC. If any changes need to be made somewhere, please let me know.

I want to give user authentication to a webform. I have my user details in derby database.

Used Netbeans as an IDE

Derby Database:
Table Name: Users
userid varchar(20) --->primary key
password varchar(20) ---> not null
I created a Netbeans Enterprise Bean Project named HR_Management_System. It created 3 project files named:
  • HR_Management_System
  • HR_Management_System_ejb
  • HR_Management_System_war ---- I manually added JSF framework to it using properties

    I created entity bean class from table ---> functionality available in Netbeans…
    I manually created NamedQuery "User.authentication" with Query as "select us from User us where us.userid = :userid and us.password = :password"


    Then I created Stateless Session Bean without any interface - UserSessionBean
    I added below method in it



    Then I created JSF Managed Bean "UserMBean" and used "userMBean"
    I hardcoded it as


    I created Login page as:login.xhtml


    I designed the success.xhtml and failure.xhtml. I gave the navigation...

    But when I try to run the application I get following error: ClassNotFound – ejb/UserSessionBean
     
    Ranch Hand
    Can you give the complete code of the Session Bean and the Managed Bean, so I can see whether they are pointing to the same class?
     
    Saloon Keeper
    It's a very, very bad idea to write your own authentication and authorization system. I've seen many such attempts over the years, including some in some (supposedly) very high-security shops, and none of them have been very secure at all. It's a lot safer to just use the J2EE standard container-based security system and save your labour for more productive pursuits. This is especially true in the case of EJB - EJB was designed with specific hooks into the container security system.

    Your actual cause of failure, however, is that you didn't include a package statement on your EJB java source.
     
    Gaurav Pravin Dighe
    Greenhorn
    Tim Holloway,

    Can you tell me how to get going with Container Security in JSF2 + GlassFish Server + Derby Database (bundled with Netbeans)... and also let me know how to maintain a session and use it in a shopping cart example after authenticating the user against Container Security.

     
    Tim Holloway
    Saloon Keeper
    Container-managed security doesn't care about most of that stuff. Its primary method of operation is to block requests by unauthorized users to protected URLs so that they never reach application code. It also provides the get userId/getUserPrincipal HTTPServlet request methods, the isUserInRole method, and for EJBs, the ability to protect EJBs both via EJB deployment descriptors and by use of the isCallerInRole() method.

    The only thing JSF-specific is that since JSF doesn't always track URLs but the container security system controls using URLs, you have to use the "redirect" JSF navigation option to ensure that people can't use JSF insecure page commandLinks and commandButtons to connect to secured resources.

    I'm not an expert in GlassFish, but J2EE servers typically provide plug-in security managers called Realms. When you want to secure a webapp, you set up the basic security rules in web.xml, plus add any security-checking code you need in your application. Then you select a Realm that supports your account security repository (database, LDAP/Active Directory, Single-Signon, or whatever). The application doesn't care which Realm you selected, since they're all plug-replaceable. The details of the Realm itself and its configuration are server-specific, so you'll have to check the GlassFish docs.

    In JSF, sessions are often created long before someone actually accesses a secured URL, but once they do, the login mechanism will kick in and add the security context to the user's session context - and create the session, if no session existed. Doing a session.invalidate() will therefore log the user out in the usual way, although depending on where you go next, a new, insecure session may be created soon thereafter and the cycle will repeat as needed.

    Container security doesn't have any knowledge or interest in what database the webapp uses.

    As for examples, check any good book on JSPs and Servlets and you should find some information on setting up secured transport and container security. You'll typically also find examples of a DIY login in some other part of the book, but like I said, Do-it-Yourself security ... isn't.
     
    Gaurav Pravin Dighe
    Greenhorn
    Tim Holloway,

    Thank you very much... I have heard about JDBC Realm but I am not finding any tutorial or example for it. I have the J2EE Tutorial as well as the Complete Reference to JSF2, but I couldn't find any.

    I will be very thankful if you let me know the link for a JDBC Realm tutorial.

    The second concern I have is, as you said, security only deals with authentication and authorization... so how do I deal with session management after doing the same?

    Please explain the same to me...

    It would be really very very helpful.
     
    Greenhorn
    Hi,
    About the session management - you could annotate a bean (even a simple class) as a session scoped managed bean (@ManagedBean). At the first use the bean instance will bind to the user session. A shopping cart is a nice example of a session bean.
     
    Gaurav Pravin Dighe
    Greenhorn
    Hi Gabriel Vince,

    Can you fwd me the working example... or a link where I can learn from...


     
    Tim Holloway
    Saloon Keeper
    In JSF session management is mostly automatically done for you. Please note that since session-scope beans are much more necessary in JSF than they are in most frameworks, the user may fall under session management long before going under secured session management. Security is added to the session when the webapp container detects the need for a secure environment. Invalidating the session destroys both the data session and the security session, since they're both the same session - just with an added security context.

    You will not find documentation on Realms in general-purpose J2EE books, although most of them will have chapters on setting up secured webapps. That's because the Realm is part of the webapp server as an implementation of the J2EE security environment. The actual application security is server-independent, but the mechanism that enforces the security is not. So you'd have to read the manual on the webapp server itself. For example: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html



     
    Gabriel Vince
    Greenhorn
    Hi, I believe the working example is included
    http://.lmgtfy.com/?q=JSF%20tutorial%20%40ManagedBean
    And I'd advise downloading the 'complete JSF reference' pdf, it may help much in the topic. Please don't ask for a link, try to google it.
    G.
     