Simple login and logout capabilities for my web app (JSF 2.0)
This morning I read chapters 39, 40 and 41 of the JEE6 tutorial. I'm very confused. I don't have a background in web-app security in JEE6, and I'm having big difficulties understanding and implementing it.
I need to create an authorization mechanism for my web app. The scenario is not simple for a beginner in JEE6 like me, so I decided to try to find the easiest way to do it.
I thought I'd explain my idea, so you can correct me and give me advice on the best and easiest way to do it.
My idea:
My web app uses a PrimeFaces component called dock that pops up a login dialog when the user clicks on the last item. This navigation tool is located in a JSF template used by the other pages in the application.
    <h:body>
        <p:dock position="top">
            <p:menuitem value="naslovna" icon="unsecuredimages/naslovna.png" url="main.xhtml" alt="the image not found." />
            <p:menuitem value="register" icon="unsecuredimages/register.png" url="registration.xhtml" alt="the image not found." />
            <p:menuitem value="cesta pitanja" icon="unsecuredimages/faq.png" url="faq.xhtml" alt="the image not found." />
            <!-- login does not have a page, it pops up the login dialog -->
            <p:menuitem value="login" icon="unsecuredimages/login.png" url="#" onclick="dlg.show()" />
        </p:dock>
        <p:dialog header="prijavite se" widgetVar="dlg" modal="true" draggable="false" resizable="false" effect="slide">
            <!-- the inputs must sit inside a form and be bound to the backing bean, otherwise nothing is submitted -->
            <h:form>
                <h:outputText value="em@il:" /><h:inputText id="email" value="#{securityController.email}" />
                <br/>
                <!-- inputSecret masks the password on screen and does not re-render it in the response -->
                <h:outputText value="lozinka:" /><h:inputSecret id="password" value="#{securityController.password}" />
                <br/>
                <h:commandButton value="prijavi se" action="#{securityController.login}" />
            </h:form>
        </p:dialog>
        <br/><br/><br/><br/><br/><br/>
        <ui:insert name="mainform" />
        <ui:insert name="registrationform" />
        <ui:insert name="registrationbuyerform" />
        <ui:insert name="registrationsellerform" />
        <ui:insert name="faqform" />
        <ui:insert name="registrationsuccessform" />
    </h:body>
For that JSF page I think I should have a backing bean that handles the email and password on the EJB:
    import javax.ejb.EJB;
    // Use the JSF SessionScoped, not javax.enterprise.context.SessionScoped:
    // the CDI annotation is ignored on a @ManagedBean and the bean would be request scoped.
    import javax.faces.bean.ManagedBean;
    import javax.faces.bean.SessionScoped;
    import ejbinterfaces.IAuthentificationEJB;

    @ManagedBean
    @SessionScoped
    public class SecurityController {

        @EJB
        private IAuthentificationEJB authentificationEJB;

        private String email;
        private String password;

        // called by the "prijavi se" button of the login dialog
        public void login() {
            authentificationEJB.saveUserState(email, password);
        }

        public String getEmail() {
            return email;
        }

        public String getPassword() {
            return password;
        }

        public void setEmail(String email) {
            this.email = email;
        }

        public void setPassword(String password) {
            this.password = password;
        }
    }
Then the EJB should log in and log out (this is what confuses me):
    import javax.ejb.Stateful;
    import ejbinterfaces.IAuthentificationEJB;

    @Stateful(name = "ejbs/AuthentificationEJB")
    public class AuthentificationEJB implements IAuthentificationEJB {

        // login
        public boolean saveUserState(String email, String password) {
            // 1 - send a query to the database to see if the user exists
            // 2 - if the query returns a user object, store it somewhere in the session (how?)
            // 3 - return true if the user state was saved
            // 4 - return false otherwise
            return false;
        }

        // logout
        public void releaseUserState() {
            // 1 - check if there is something saved in the session (or wherever the state is saved)
            // 2 - if 1, flush it
        }

        // check if the user is logged in
        public boolean checkAuthentificationStatus() {
            // 1 - check if there is something saved in the session (this means the user is logged in)
            // 2 - if there is no user logged in, return false
            return false;
        }
    }
I decided not to use a JDBC realm or the other authentication mechanisms explained in the JEE6 tutorial, because I'm confused and I think it's easier for me to do it manually. The doubts I have with this approach:
- Is this approach correct (can it be done this way)?
- Should the EJB be @Stateless or @Stateful in this case (the user retrieved from the database only has 2 string fields)?
- Where should I store the id of the user retrieved from the database, so that it lasts until the user decides to log out?
- If I have to store the user state in the session until he/she decides to log out, how can I do it?
- With this approach, is the session of the user deleted when he closes the browser without logging out? (If not, how can I expire his/her session automatically after a while if there is no activity?)
I'd appreciate any help a lot.
Some pieces of the puzzle:
Is this approach correct (can it be done this way)?
Yes, it can. You can choose between container managed security or application managed security.
Should the EJB be @Stateless or @Stateful in this case (the user retrieved from the database only has 2 string fields)?
If you store the id of the logged-in user in the session context (see below), I think you can use a stateless bean (from theory).
Where should I store the id of the user retrieved from the database, so that it lasts until the user decides to log out?
You can store it in the session context:
    FacesContext.getCurrentInstance().getExternalContext().getSessionMap().put("userid", email);
Use getSessionMap().get("userid") in order to check the stored userid.
With this approach, is the session of the user deleted when he closes the browser without logging out? (If not, how can I expire his/her session automatically after a while if there is no activity?)
No, the session expires automatically when reaching the timeout. The timeout can be set in web.xml:
    <session-config>
        <session-timeout>60</session-timeout>
    </session-config>
This setting means that sessions time out after 60 minutes of server inactivity.
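Putting the answer's advice together, as an added example that is neither the question's nor the answer's code: a session-scoped managed bean that stores the user id in the session map on a successful login, starts a fresh session before doing so, and invalidates the whole session on logout. It assumes a hypothetical stateless IAuthentificationEJB#authenticate(email, password) method that checks the credentials against the database and returns true or false.

```java
import javax.ejb.EJB;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;

// Added example. IAuthentificationEJB#authenticate(email, password) is assumed
// (hypothetical): it only verifies the credentials and keeps no state itself.
@ManagedBean
@SessionScoped
public class SecurityController {
    private static final String USER_KEY = "userid";
    @EJB
    private IAuthentificationEJB authentificationEJB;
    private String email;
    private String password;

    public String login() {
        ExternalContext ctx = FacesContext.getCurrentInstance().getExternalContext();
        boolean ok = authentificationEJB.authenticate(email, password);
        password = null; // do not keep the submitted password in the session-scoped bean
        if (!ok) {
            return null; // stay on the current page; a FacesMessage can report the failure
        }
        // Drop the pre-login session and create a new one before storing the identity,
        // so a session id handed to the browser before login (session fixation) is useless.
        ctx.invalidateSession();
        ctx.getSession(true);
        ctx.getSessionMap().put(USER_KEY, email);
        return "main?faces-redirect=true"; // main.xhtml, as in the dock above
    }

    public String logout() {
        // Invalidate the whole session rather than only removing the key: this also
        // discards this bean and anything else the application stored for the user.
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        return "main?faces-redirect=true";
    }

    // true when a user id was stored by login() and the session has not timed out
    public boolean isLoggedIn() {
        return FacesContext.getCurrentInstance().getExternalContext()
                .getSessionMap().get(USER_KEY) != null;
    }

    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```

Pages that require a login can test #{securityController.loggedIn} and redirect otherwise; with the session-timeout from web.xml the entry disappears on its own after the configured inactivity.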