• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
  • Mikalai Zaikin

login for different users in jsf framework

Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello everyone, I am very new to jsf. I am in learning stage. i just created one sample project for login. while running the code, i am getting error. All the jars files are added in the lib of WEB-INF.I am adding all the codes and the screenshot of the error, which i am getting.
Hoping for positive reply.
Thanks in advance.

Eclipse Console







super admin.jsp





[Thumbnail for Capturejava.JPG]
project schema 1
[Thumbnail for Capturejava2.JPG]
project schema 2
Saloon Keeper
Posts: 27817
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There's more code there than any of us unpaid chickens want to read. Plus you didn't say exactly what the error is.

So: https://coderanch.com/how-to/java/IsolateTheProblem

And: https://coderanch.com/how-to/java/ItDoesntWorkIsUseless

You're more likely to get an answer that way.

Beyond that, the technical term for "I wrote my own login code" is "Hacked". Or "pwned". J2EE/JEE has a built-in security system that has been around for well over a decade without any reported cases of being broken. Over 90% of the user-written security systems I've seen over that time period could be broken by non-technical personnel in 15 minutes or less. Unless you are a full-time trained security professional and not merely clever, working for "clever" people who thought they could invent a secure system, or otherwise not dedicated full time to security, you really shouldn't be writing security code. Use the stuff that full-time security professionals designed. It's in your server anyway, so you might as well use it.

To give just one example of where people go wrong when they design their own security system, you are violating a cardinal rule in security because you are asking the database server to return a password to the application code. A more appropriate query looks like this:

This sort of query doesn't return sensitive data, it merely confirms whether the data in question exists or not. If the query returns a count of 0, then either the userID or password is invalid.
    Bookmark Topic Watch Topic
  • New Topic