login for different users in jsf framework

 
srikant Kumar
Hello everyone, I am very new to JSF. I am in the learning stage. I just created one sample project for login. While running the code, I am getting an error. All the jar files are added in the lib of WEB-INF. I am adding all the code and the screenshot of the error which I am getting.
Hoping for a positive reply.
Thanks in advance.

Eclipse Console


faces-config.xml


web.xml



index.jsp


login.jsp



employee.jsp



admin.jsp



super admin.jsp



Crud


SessionBean.java



LoginModel.java




AuthorizationFilter.java



LoginDao.java
Capturejava.JPG
project schema 1
Capturejava2.JPG
project schema 2
 
Tim Holloway
There's more code there than any of us unpaid chickens want to read. Plus you didn't say exactly what the error is.

So: http://www.coderanch.com/how-to/java/IsolateTheProblem

And: http://www.coderanch.com/how-to/java/ItDoesntWorkIsUseless

You're more likely to get an answer that way.

Beyond that, the technical term for "I wrote my own login code" is "Hacked". Or "pwned". J2EE/JEE has a built-in security system that has been around for well over a decade without any reported cases of being broken. Over 90% of the user-written security systems I've seen over that time period could be broken by non-technical personnel in 15 minutes or less. Unless you are a full-time trained security professional and not merely clever, working for "clever" people who thought they could invent a secure system, or otherwise not dedicated full time to security, you really shouldn't be writing security code. Use the stuff that full-time security professionals designed. It's in your server anyway, so you might as well use it.

To give just one example of where people go wrong when they design their own security system, you are violating a cardinal rule in security because you are asking the database server to return a password to the application code. A more appropriate query looks like this:


This sort of query doesn't return sensitive data, it merely confirms whether the data in question exists or not. If the query returns a count of 0, then either the userID or password is invalid.
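
Added example, not part of either post above: a `web.xml` fragment showing how the container-managed security mentioned in the reply could gate the thread's employee, admin and super admin pages by role, so the application never handles passwords itself. The role names, the `/faces/*` FacesServlet mapping and the renamed `superadmin.jsp` are assumptions; only `login.jsp`, `employee.jsp` and `admin.jsp` are page names taken from the thread.

```xml
<!-- Added example: goes inside <web-app> in WEB-INF/web.xml. -->
<!-- Assumed: FacesServlet mapped to /faces/*; role names employee/admin/superadmin. -->
<!-- Constraints match the URL the browser requests, so list both the raw JSP
     and the /faces/ URL; otherwise one of them stays reachable without a role. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Employee pages</web-resource-name>
    <url-pattern>/employee.jsp</url-pattern>
    <url-pattern>/faces/employee.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>employee</role-name></auth-constraint>
  <!-- Force HTTPS so credentials and the session cookie are not sent in clear. -->
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin pages</web-resource-name>
    <url-pattern>/admin.jsp</url-pattern>
    <url-pattern>/faces/admin.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Super admin pages</web-resource-name>
    <!-- Assumed file name: the thread's "super admin.jsp" renamed without the space. -->
    <url-pattern>/superadmin.jsp</url-pattern>
    <url-pattern>/faces/superadmin.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>superadmin</role-name></auth-constraint>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>

<!-- The container shows login.jsp on the first request to a protected URL.
     Its form must POST j_username and j_password to j_security_check;
     the server's realm, not application code, verifies the credentials. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role><role-name>employee</role-name></security-role>
<security-role><role-name>admin</role-name></security-role>
<security-role><role-name>superadmin</role-name></security-role>
```

Users and their role assignments live in the realm configured on the application server; inside a page or bean, `request.isUserInRole("admin")` and `request.getRemoteUser()` report what the container already verified.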
 