• Post Reply Bookmark Topic Watch Topic
  • New Topic

JSF with Hibernate  RSS feed

 
Miguel Porto
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
I´m new here and in Java as well.

I started a test application with jsf and hibernate to learn how they work.

I want to make a simple login page, i already have the data(user and pass) in a mysql db. All i need now is to validate the data inputed in the browser with the data on the db.
I know how to insert data in the db trough the browser... is there a similar way to extract and validate data or do i need a framework (maven,struts...) to achieve data validation?

Thanks in advance
Miguel
 
Myyron Murray Latorilla
Ranch Hand
Posts: 65
Eclipse IDE Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't quite get what you're asking here, but you can do data validation without additional framework as you mentioned. You can do the validation in the database level (using a query), or in your java code (do a comparison) after you get the data from database and login page.
 
Tim Holloway
Bartender
Posts: 18720
72
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Miguel!

First, a caution. User-designed security systems are almost universally very insecure. Use a "login page" for learning, but if you want to keep intruders from eating your system, never write your own login/security code for actual Internet applications. Use a professionally-designed and tested security infrastructure such as the J2EE standard container security system.

You have confused validating data with validating credentials here. JSF itself contains many options for validating form data. Hibernate likewise has the ability to validate data before persisting it. In fact, the two validation systems can even be linked together so that Hibernate's validation can feed JSF's form validation.

But it sounds like what you really want to validate isn't the data, it's the credentials. That is, to verify that the login form (see warning above) has been supplied with a valid user ID/password combination.

When you click a JSF form submit button (commandLink), the action method that you define for the commandLink will be invoked, providing that ALL items on the form being submitted pass JSF validation. JSF validation is automatic and requires no user-written code, just specifications of constraints on the form View Template. Stuff like "required="true"" on inputText controls and any "f:validateXXXX" tags that you supply.

If and only if all input controls on the form are found valid by JSF, JSF will update the backing beans with the form values as directed by the "value=" attributes on the input form controls. Then the action method is invoked, and the action method can obtain the user id and password from their corresponding backing bean properties.

In security, the #1 rule is "volunteer NOTHING". Just ask the NSA. So for a user authentication, you don't fetch the user ID and password from the database, you ask the database whether there's a match on the submitted user ID/password.

In SQL terms:


If the returned count is "1", the credentials are valid. If the returned count is 0, the credential are not valid. Any other numbers would indicate that your database design is probably flawed.
 
Miguel Porto
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


I got the message, thank you very much.

I got excited with the (few) things i learned in hibernate and i thought i could make the login application like this.

Thank you for your posts!
Miguel
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!