
login for different users in jsf framework

srikant Kumar
Posts: 5
Hello everyone, I am very new to JSF. I am in the learning stage. I just created one sample project for login. While running the code, I am getting an error. All the jar files are added in the lib of WEB-INF. I am adding all the code and the screenshot of the error which I am getting.
Hoping for a positive reply.
Thanks in advance.

Eclipse Console







super admin.jsp

[Thumbnail for Capturejava.JPG]
project schema 1
[Thumbnail for Capturejava2.JPG]
project schema 2
Tim Holloway
Saloon Keeper
Posts: 18325
There's more code there than any of us unpaid chickens want to read. Plus you didn't say exactly what the error is.



You're more likely to get an answer that way.

Beyond that, the technical term for "I wrote my own login code" is "Hacked". Or "pwned". J2EE/JEE has a built-in security system that has been around for well over a decade without any reported cases of being broken. Over 90% of the user-written security systems I've seen over that time period could be broken by non-technical personnel in 15 minutes or less. Unless you are a full-time trained security professional and not merely clever, working for "clever" people who thought they could invent a secure system, or otherwise not dedicated full time to security, you really shouldn't be writing security code. Use the stuff that full-time security professionals designed. It's in your server anyway, so you might as well use it.

To give just one example of where people go wrong when they design their own security system, you are violating a cardinal rule in security because you are asking the database server to return a password to the application code. A more appropriate query looks like this:

This sort of query doesn't return sensitive data, it merely confirms whether the data in question exists or not. If the query returns a count of 0, then either the userID or password is invalid.
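
Added example, not part of the thread or either poster's code: a `web.xml` fragment for the container-managed security the reply above recommends, using FORM login and per-role constraints. The URL patterns, role names and page paths are assumptions made for illustration.

```xml
<!-- WEB-INF/web.xml fragment. Paths and role names below are assumed, not taken from the thread. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Only callers in the superadmin role may request anything under /superadmin/ -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Super admin pages</web-resource-name>
      <url-pattern>/superadmin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>superadmin</role-name>
    </auth-constraint>
    <!-- Require TLS so credentials and the session cookie are not sent in clear text -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Pages for any signed-in user; superadmin is listed too so admins can reach them -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>User pages</web-resource-name>
      <url-pattern>/user/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
      <role-name>superadmin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- The container shows this form when an unauthenticated request hits a protected URL.
       The form is plain HTML posting to j_security_check with fields j_username and
       j_password; the application never sees or compares the password itself. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.xhtml</form-login-page>
      <form-error-page>/loginError.xhtml</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Roles referenced above; users are mapped to them in the server's security realm -->
  <security-role><role-name>user</role-name></security-role>
  <security-role><role-name>superadmin</role-name></security-role>
</web-app>
```

The constraints are checked against the URL of each incoming request, so JSF navigation that forwards on the server without a redirect is not re-checked against the target page's pattern. Navigating into a protected area with a redirect makes the browser issue a new request that the container evaluates.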