login for different users in jsf framework

Hello everyone, I am very new to jsf. I am in learning stage. i just created one sample project for login. while running the code, i am getting error. All the jars files are added in the lib of WEB-INF.I am adding all the codes and the screenshot of the error, which i am getting.
Hoping for positive reply.
Thanks in advance.

Eclipse Console
Jun 13, 2015 1:08:42 PM org.apache.tomcat.util.digester.SetPropertiesRule begin WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:WirelessJSF' did not find a matching property. Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server version: Apache Tomcat/7.0.62 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server built: May 7 2015 17:14:55 UTC Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server number: 7.0.62.0 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: OS Name: Windows 7 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: OS Version: 6.1 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Architecture: x86 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Java Home: C:\Program Files\Java\jre7 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: JVM Version: 1.7.0_79-b15 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: JVM Vendor: Oracle Corporation Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: CATALINA_BASE: C:\Users\ekusrik\workspace_indigo\.metadata\.plugins\org.eclipse.wst.server.core\tmp0 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: CATALINA_HOME: C:\Program Files\Apache Software Foundation\Tomcat 7.0 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dcatalina.base=C:\Users\ekusrik\workspace_indigo\.metadata\.plugins\org.eclipse.wst.server.core\tmp0 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dcatalina.home=C:\Program Files\Apache Software Foundation\Tomcat 7.0 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dwtp.deploy=C:\Users\ekusrik\workspace_indigo\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\wtpwebapps Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.endorsed.dirs=C:\Program Files\Apache Software Foundation\Tomcat 7.0\endorsed Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dfile.encoding=Cp1252 Jun 13, 2015 1:08:42 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jre7\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:/Program Files/Java/jre7/bin/client;C:/Program Files/Java/jre7/bin;C:/Program Files/Java/jre7/lib/i386;C:\app\ekusrik\product\11.2.0\dbhome_1\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;;C:\Users\ekusrik\Desktop\work\eclipse;;. Jun 13, 2015 1:08:42 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["http-bio-8080"] Jun 13, 2015 1:08:42 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["ajp-bio-8009"] Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 468 ms Jun 13, 2015 1:08:42 PM org.apache.catalina.core.StandardService startInternal INFO: Starting service Catalina Jun 13, 2015 1:08:42 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.62 Jun 13, 2015 1:08:42 PM org.apache.catalina.startup.TldConfig execute INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time. Jun 13, 2015 1:08:43 PM org.apache.catalina.loader.WebappClassLoader validateJarFile INFO: validateJarFile(C:\Users\ekusrik\workspace_indigo\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\wtpwebapps\WirelessJSF\WEB-INF\lib\servlet-api-3.0.jar) - jar not loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: javax/servlet/Servlet.class Jun 13, 2015 1:08:43 PM org.apache.catalina.startup.TldConfig execute INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time. Jun 13, 2015 1:08:44 PM com.sun.faces.config.ConfigureListener contextInitialized INFO: Initializing Mojarra 2.1.7 (SNAPSHOT 20120206) for context '/WirelessJSF' Jun 13, 2015 1:08:44 PM com.sun.faces.spi.InjectionProviderFactory createInstance INFO: JSF1048: PostConstruct/PreDestroy annotations present. ManagedBeans methods marked with these annotations will have said annotations processed. Jun 13, 2015 1:08:44 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["http-bio-8080"] Jun 13, 2015 1:08:44 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["ajp-bio-8009"] Jun 13, 2015 1:08:44 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 2440 ms

faces-config.xml
<?xml version="1.0" encoding="UTF-8"?> <faces-config xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd" version="2.0"> <navigation-rule> <from-view-id>/login.jsp</from-view-id> <navigation-case> <from-action>#{login.validateUserPasswordRole}</from-action> <from-outcome>admin</from-outcome> <to-view-id>/admin.jsp</to-view-id> </navigation-case> </navigation-rule> </faces-config>

web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <display-name>WirelessJSF</display-name> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <servlet> <servlet-name>Faces Servlet</servlet-name> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>*.jsp</url-pattern> </servlet-mapping> </web-app>


index.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%> <%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Insert title here</title> </head> <body> <h:commandLink action="#{login.jsp}" value="click to login"></h:commandLink> </body> </html>

login.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%> <%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html"> <h:head> <title>login</title> </h:head> <h:body> <h:form> <h3>JSF Login Logout</h3> <h:outputText value="Username" /> <h:inputText id="username" value="#{login.username}"></h:inputText> <h:message for="username"></h:message> <br /><br /> <h:outputText value="Password" /> <h:inputSecret id="password" value="#{login.password}"></h:inputSecret> <h:message for="password"></h:message> <br /><br /> <h:commandButton action="#{login.validateUsernamePassword}" value="Login"></h:commandButton> </h:form> </h:body> </html>


employee.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%> <%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html"> <h:head> <title>Facelet Title</title> </h:head> <h:body> <h:form> <p>Welcome #{login.user}</p> <h:commandLink action="#{login.logout}" value="Logout"></h:commandLink> </h:form> </h:body> </html>


admin.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%> <%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html"> <h:head> <title>Facelet Title</title> </h:head> <h:body> <h:form> <p>Welcome #{login.user}</p> <h:commandLink action="#{login.logout}" value="Logout"></h:commandLink> </h:form> </h:body> </html>


super admin.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%> <%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html"> <h:head> <title>Facelet Title</title> </h:head> <h:body> <h:form> <p>Welcome #{login.user}</p> <h:commandLink action="#{login.logout}" value="Logout"></h:commandLink> </h:form> </h:body> </html>


Crud
package org.ericsson.wireless.connection; import java.sql.Connection; import java.sql.DriverManager; public class Crud { public static Connection getConnection() { try { Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager.getConnection( "jdbc:mysql://localhost:3306/cardb", "pankaj", "pankaj123"); return con; } catch (Exception ex) { System.out.println("Database.getConnection() Error -->" + ex.getMessage()); return null; } } public static void close(Connection con) { try { con.close(); } catch (Exception ex) { } } }

SessionBean.java
package org.ericsson.wireless.LoginSession; import javax.faces.context.FacesContext; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; public class SessionBean { public static HttpSession getSession() { return (HttpSession) FacesContext.getCurrentInstance() .getExternalContext().getSession(false); } public static HttpServletRequest getRequest() { return (HttpServletRequest) FacesContext.getCurrentInstance() .getExternalContext().getRequest(); } public static String getUserName() { HttpSession session = (HttpSession) FacesContext.getCurrentInstance() .getExternalContext().getSession(false); return session.getAttribute("username").toString(); } public static String getUserId() { HttpSession session = getSession(); if (session != null) return (String) session.getAttribute("userid"); else return null; } }


LoginModel.java
package org.ericsson.wireless.loginModel; import org.ericsson.wireless.Login.Dao.*; import org.ericsson.wireless.LoginSession.SessionBean; import java.io.Serializable; import javax.faces.application.FacesMessage; import javax.faces.bean.ManagedBean; import javax.faces.bean.SessionScoped; import javax.faces.context.FacesContext; import javax.servlet.http.HttpSession; @ManagedBean @SessionScoped public class LoginModel { private String username; private String password; private String userrole; public LoginModel(String username, String password, String userrole) { super(); this.username = username; this.password = password; this.userrole = userrole; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getUserrole() { return userrole; } public void setUserrole(String userrole) { this.userrole = userrole; } //validate login public String validateUsernamePassword() { String valid = LoginDao.validate(username, password, userrole); if (valid.equals("Super Admin")) { HttpSession session = SessionBean.getSession(); session.setAttribute("username", username); return "Super Admin"; } else if (valid.equals("Admin")) { HttpSession session = SessionBean.getSession(); session.setAttribute("username", username); return "Admin"; } else if (valid.equals("Employee")) { HttpSession session = SessionBean.getSession(); session.setAttribute("username", username); return "Employee"; } else { FacesContext.getCurrentInstance().addMessage( null, new FacesMessage(FacesMessage.SEVERITY_WARN, "Incorrect Username and Passowrd", "Please enter correct username and Password")); return "login"; } } //logout event, invalidate session public String logout() { HttpSession session = SessionBean.getSession(); session.invalidate(); return "login"; } }



AuthorizationFilter.java
package org.ericsson.wireless.LoginAuthorization; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; @WebFilter(filterName = "AuthFilter", urlPatterns = { "*.xhtml" }) public class AuthorizationFilter implements Filter { public AuthorizationFilter() { } @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { try { HttpServletRequest reqt = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; HttpSession ses = reqt.getSession(false); String reqURI = reqt.getRequestURI(); if (reqURI.indexOf("/login.jsp") >= 0 || (ses != null && ses.getAttribute("username") != null) || reqURI.indexOf("/public/") >= 0 || reqURI.contains("javax.faces.resource")) chain.doFilter(request, response); else resp.sendRedirect(reqt.getContextPath() + "/login.jsp"); } catch (Exception e) { System.out.println(e.getMessage()); } } @Override public void destroy() { } }


LoginDao.java
package org.ericsson.wireless.Login.Dao; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import org.ericsson.wireless.connection.Crud; public class LoginDao { public static String validate(String username, String password, String userrole) { Connection con = null; PreparedStatement ps = null; try { con = Crud.getConnection(); ps = con.prepareStatement("Select uname, password, userrole from Users where uname = ? and password = ?"); ps.setString(1, username); ps.setString(2, password); ps.setString(3, userrole); ResultSet rs = ps.executeQuery(); if (rs.next()) { //result found, means valid inputs String type=rs.getString("userrole"); if("Super Admin".equals(type)){ return "Super Admin"; } else if("Admin".equals(type)){ return "Admin"; } else if("Employee".equals(type)){ return "Employee"; } } } catch (SQLException ex) { System.out.println("Login error -->" + ex.getMessage()); return ""; } finally { Crud.close(con); } return ""; } }

There's more code there than any of us unpaid chickens want to read. Plus you didn't say exactly what the error is.

So: https://coderanch.com/how-to/java/IsolateTheProblem

And: https://coderanch.com/how-to/java/ItDoesntWorkIsUseless

You're more likely to get an answer that way.

Beyond that, the technical term for "I wrote my own login code" is "Hacked". Or "pwned". J2EE/JEE has a built-in security system that has been around for well over a decade without any reported cases of being broken. Over 90% of the user-written security systems I've seen over that time period could be broken by non-technical personnel in 15 minutes or less. Unless you are a full-time trained security professional and not merely clever, working for "clever" people who thought they could invent a secure system, or otherwise not dedicated full time to security, you really shouldn't be writing security code. Use the stuff that full-time security professionals designed. It's in your server anyway, so you might as well use it.

To give just one example of where people go wrong when they design their own security system, you are violating a cardinal rule in security because you are asking the database server to return a password to the application code. A more appropriate query looks like this:
SELECT COUNT(*) FROM Users WHERE uname=? AND password=?

This sort of query doesn't return sensitive data, it merely confirms whether the data in question exists or not. If the query returns a count of 0, then either the userID or password is invalid.