• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Display of error message with Primefaces For spring security authentication

 
Ranch Hand
Posts: 47
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would like to integrate validation for spring security with Primefaces, I wanted to display an error message during authentication. The message is displayed with the following code using JSF:



How can we only use primefaces to display this message knowing that the message display is done with the control p-message

Thanks in advance.

 
Saloon Keeper
Posts: 28319
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
First, check to see if Spring Security is doing validation all by itself or if it's hooked into JEE standard security. In the case of JEE standard security, you'd have defined a login page and a loginfail page in /WEB-INF/web.xml or an equivalent, and in that case there would be no actual application logic because login is handled by your webapp server and not by the application. The loginfail page can simply be static HTML content.

Regardless, I do recommend that a "login fail" page should not have any fancy logic on it because the extra logic/controls allow the potential to weasel past security in the post-loginfail section of the webapp. I prefer a stark basic HTML fail page. Dead end.

As far as using the p:messages tag itself goes, roughly speaking, the application code has to obtain the FacesContext and use the addMessage() method to add your custom message(s) to the set of FacesMessages being sent to the client.
 
Steve Dev
Ranch Hand
Posts: 47
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The Error handling is done through a redirect to the "login.xhtml?error=true" link, this is done automatically by the SecurityConfig class.


In the login.xhtml page, there is the error=true parameter which will be used to display the error message. This is done with the following method as described above:


Now we just want to use Primefaces to display the error message in order to use the same method of displaying the error message in the application.
Displaying messages with Primefaces is done with the following method:

There is no parameter "rendered" and "value" in "p:messages" like the one for "p:outputLabel ".
 
Tim Holloway
Saloon Keeper
Posts: 28319
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Steve Dev wrote:
There is no parameter "rendered" and "value" in "p:messages" like the one for "p:outputLabel ".



That is correct. If there are eligible messages, they will be rendered. If not, nothing will render. There is no value because the value is always taken from the FacesMessages collection of the FacesContext.

Normally, all FacesMessages will be rendered by the messages tag, but you can limit that using the "for=" attribute. Assign a label to the FacesMessage when you add it to the FacesContext and the tag will look only for that label. The label is normally the ID of a control that you want the message to relate to, but if I'm not mistaken you can use any ID and not just one that maps to a control on the View Template.
 
Tim Holloway
Saloon Keeper
Posts: 28319
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Also, using the same URL for both login and login fail is false economy. For the most secure operation, both the primary and failure login pages should have minimal content. So a static page with a Stop-sign icon and LOGIN FAILED as the header would be sufficient (and require less coding overall = less possible bugs to exploit).
 
Steve Dev
Ranch Hand
Posts: 47
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Solution was found based on this discussion.
So, we can use the Jquery in order to display custom message in p:messages control according to a parameter value:


 
snakes are really good at eating slugs. And you wouldn't think it, but so are tiny ads:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic