Any feedback would be greatly appreciated. Thank you!
If it helps, I am using: PrimeFaces 5.0, JSF 2.1, JDK 1.7
I REALLY wish that almost every J2EE book under the sun didn't use a "login form" as a common programming example.
J2EE has a built-in security system (Container-Managed Security). It was developed by full-time security professionals. It is tested by professionals. Its primary mode of operation is to block unauthorized access attempts at the server level so that exploits in user code never see the attacks. Most of the time, this is what you should be using, although it's not JSF-based. If anyone has ever cracked it, the news hasn't reached me.
Please bear in mind also that "remember me" isn't just a server-defined function. A lot of web clients (Firefox, for example) have their own "remember me" abilities and what your local security experts think about what they should and shouldn't remember doesn't matter to them. More to the point, these functions are fully capable of jamming in stuff right over the top of your own data when the login form is displayed. Which may be why your cursor isn't ending up where you think it should.
As always, your informative replies are appreciated.
You indicated at the end of your reply that the cursor is ending up where I am not expecting it to, likely due in part to the behavior of the browser itself. In fact, one thing I didn't mention in my initial post is that I did try the combination below. But it would just quickly flash the cursor in the Password field, but then position itself back in the User field.
All that aside, any other thoughts as to why p:focus doesn't seem to be working as expected? I checked out the demo for this component on the PrimeFaces website, but no luck.
I'm willing to lay strong odds on that particular snippet failing because HTML is text and therefore has no concept of NULL.
This might work better:
Although as far as it goes, I don't like complex code on my View Templates, so I'd probably hard-code the focus function based on the server-side Model rather than testing the field at load time.
Fun fact: Have you ever noticed that most big-league login systems don't say "Invalid userid" or "invalid password"? That's because if a cracker knows that half of the credential pair is valid, the amount of work to break in is reduced by 50%!
Tim Holloway wrote: Fun fact: Have you ever noticed that most big-league login systems don't say "Invalid userid" or "invalid password"? That's because if a cracker knows that half of the credential pair is valid, the amount of work to break in is reduced by 50%!
That makes perfect sense. Why give any hacker a good starting point when they're trying to breach your security??? :wink:
The message that appears in our case is "Login failed", nothing more, nothing less. It doesn't indicate which field was invalid. Again, further to your quote above, why help the hacker try to break into your system??
Thank you for the code tip. I will give it a try.
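An added example, not code from any poster in this thread: a JSF 2.1 backing bean that hands the credential check to the container's security realm and reports every failure with the same "Login failed" message, so the response never reveals which half of the credential pair was wrong. It assumes a Servlet 3.0 container with a realm configured; the bean name `LoginBean`, the `home` outcome and the `focusTarget` property (the server-side focus decision suggested above) are hypothetical.

```java
import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.FacesContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

// Hypothetical bean: class name, outcome and focusTarget are assumptions.
@ManagedBean
@RequestScoped
public class LoginBean {
    private String username;
    private String password;
    // Id of the field the view should focus; decided here, not in the template.
    private String focusTarget = "username";

    public String login() {
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpServletRequest request =
                (HttpServletRequest) ctx.getExternalContext().getRequest();
        try {
            // Servlet 3.0: the container's realm validates the credentials,
            // so this code never compares passwords itself.
            request.login(username, password);
            return "home?faces-redirect=true";
        } catch (ServletException e) {
            // One message for every failure (unknown user, wrong password,
            // locked account): nothing here confirms that a user id exists.
            ctx.addMessage(null, new FacesMessage(
                    FacesMessage.SEVERITY_ERROR, "Login failed", null));
            password = null;            // never echo the password back
            focusTarget = "password";   // user id is kept, so focus moves on
            return null;                // redisplay the login view
        }
    }

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
    public String getFocusTarget() { return focusTarget; }
}
```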