
Issue with focus and validation working properly on input fields

 
Randy Maddocks
Hi, I have the following issue on a PrimeFaces 5.0 login form: When the form loads, if the User field has a value in it (for example, the Remember Me feature is selected), I want the Password field to have focus. But when the form loads it continually sets focus on the User field, even if there is a value in it. In addition to that, if I enter an incorrect password, although I do get an error message, the focus is set on the User field. Below is my code. In all likelihood, I am either missing something, or am using p:focus incorrectly, or need to go back to school to learn how focus works. :confused:

Any feedback would be greatly appreciated. Thank you!

If it helps, I am using: Primefaces 5.0, JSF 2.1, JDK 1.7


 
Randy Maddocks
Sorry, I should add that, for security reasons, we do not allow the Remember Me feature to remember the Password at login, only the User is remembered if Remember Me is selected.  Cheers.
 
Tim Holloway
Well, first I suppose that I should issue my standard disclaimer that user-designed login/security systems are all about as secure as wet toilet paper and that includes corporate-standard systems designed by the in-house genius (unless the genius in question is a trained full-time security professional). Based on my own experience, as well as a lot of other people's, about 95% of the user-designed systems cannot survive 15 minutes of random meddling by non-technical personnel.

I REALLY wish that almost every J2EE book under the sun didn't use a "login form" as a common programming example. 

J2EE has a built-in security system (Container-Managed Security). It was developed by full-time security professionals. It is tested by professionals. Its primary mode of operation is to block unauthorized access attempts at the server level so that exploits in user code never see the attacks. Most of the time, this is what you should be using, although it's not JSF-based. If anyone has ever cracked it, the news hasn't reached me.

Please bear in mind also that "remember me" isn't just a server-defined function. A lot of web clients (Firefox, for example) have their own "remember me" abilities and what your local security experts think about what they should and shouldn't remember doesn't matter to them. More to the point, these functions are fully capable of jamming in stuff right over the top of your own data when the login form is displayed. Which may be why your cursor isn't ending up where you think it should.
 
Randy Maddocks
Hi Tim,

As always, your informative replies are appreciated.

You indicated at the end of your reply that the cursor is ending up where I am not expecting it to likely due in part to the behavior of the browser itself. In fact, one thing I didn't mention in my initial post is that I did try the combination below. But it would just quickly flash the cursor in the Password field, but then position itself back in the User field.

Also tried this in the xhtml code (I have no doubt the javascript experts will cringe at the format of the code below...):



All that aside, any other thoughts as to why p:focus doesn't seem to be working as expected? I checked out the demo for this component on the primefaces website, but no luck.

Thanks again!
 
Tim Holloway
Well, I take no responsibility if sensitive corporate assets end up in the Crimea, but I did caution you.

I'm willing to lay strong odds on that particular snippet failing because HTML is text and therefore has no concept of NULL.

This might work better:


Although as far as it goes, I don't like complex code on my View Templates, so I'd probably hard-code the focus function based on the server-side Model rather than testing the field at load time.

Fun fact: Have you ever noticed that most big-league login systems don't say "Invalid userid" or "invalid password"? That's because if a cracker knows that half of the credential pair is valid, the amount of work to break in is reduced by 50%!
 
Randy Maddocks
Tim Holloway wrote: Fun fact: Have you ever noticed that most big-league login systems don't say "Invalid userid" or "invalid password"? That's because if a cracker knows that half of the credential pair is valid, the amount of work to break in is reduced by 50%!


That makes perfect sense. Why give any hacker a good starting point when they're trying to breach your security???    :wink:

The message that appears in our case is "Login failed", nothing more nothing less. Doesn't indicate which field was invalid. Again, further to your quote above, why help the hacker try to break into your system??

Thank you for the code tip. I will give it a try.

Cheers Tim.
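
The single "Login failed" message discussed above, as an added example (not code from this thread or from PrimeFaces): the class name, the sample user and the PBKDF2 parameters are assumptions, and `PBKDF2WithHmacSHA256` needs Java 8 or later. It returns the same text for an unknown user and for a wrong password, and does the same hashing work on both paths so response time does not reveal which half of the pair was valid.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class UniformLoginFailure {
    static final String FAILED = "Login failed";   // identical text for every failure
    static final int ITERATIONS = 100_000, KEY_BITS = 256;
    /** Hypothetical stored credential: per-user salt plus PBKDF2 hash. */
    static final class Credential {
        final byte[] salt, hash;
        Credential(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }
    static final Map<String, Credential> USERS = new HashMap<>();
    // Decoy record hashed against when the user is unknown, so both paths cost the same.
    static final Credential DECOY = newCredential("decoy-never-accepted".toCharArray());

    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    static Credential newCredential(char[] password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Credential(salt, pbkdf2(password, salt));
    }

    /** Returns null on success, otherwise the one generic message. */
    static String login(String user, char[] password) {
        Credential stored = USERS.get(user);
        Credential c = (stored != null) ? stored : DECOY;
        // MessageDigest.isEqual compares in constant time.
        boolean match = MessageDigest.isEqual(c.hash, pbkdf2(password, c.salt));
        return (stored != null && match) ? null : FAILED;
    }

    public static void main(String[] args) {
        USERS.put("alice", newCredential("correct horse".toCharArray())); // constructed sample user
        System.out.println(login("alice", "wrong".toCharArray()));   // known user, bad password
        System.out.println(login("nobody", "wrong".toCharArray()));  // unknown user
        System.out.println(login("alice", "correct horse".toCharArray()));
    }
}
```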
 