Simple authentication example with level without Hibernate and spring

Question

Simple authentication example with level without Hibernate and spring

Asked 10 years, 5 months ago

Viewed 2,022 times

1

I would like a simple example of user authentication.

I already have the table in the database, which contains the user data and level (Administrator, common user).

As I have no time to mess with Hibernate and Spring, I want to know if I have to put a method (I’m using the DAO standard) that queries the database by selecting username and password and if I have to create a special Managedbean for the authentication part.

I have to create a file .xhtml to the login page.

2 answers

Browser other questions tagged java jsf jdbc

You are not signed in. Login or sign up in order to post.

by uaiHebert • **2,625** points · Answer 1 · 2014-05-23T03:23:42+00:00

The simplest way is with Filter. With the filter, which is already from java, you can intercept the request and validate whether a particular user is active or not.

With the filter you can determine which folder/file the user can access logged in or not.

Here is an example: http://uaihebert.com/? p=1414

So you could set up a filter on the web.xml:

<filter>
    <filter-name>AdminPagesFilter</filter-name>
    <filter-class>com.filter.AdminPagesFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>AdminPagesFilter</filter-name>
    <url-pattern>/pages/protected/admin/*</url-pattern>
</filter-mapping>

And a filter could be declared as:

public class AdminPagesFilter extends AbstractFilter implements Filter {

    @Override
    public void destroy() {

    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,     FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        User user = (User) req.getSession(true).getAttribute("user");

        if (!user.isAdmin()) {
            accessDenied(request, response, req);
            return;
        }

        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {

    }
}

by wwsdiniz • 1 point · Answer 2 · 2014-05-22T13:48:46+00:00

For practicality, I recommend that you use spring-security. It controls for you access to the pages you define and still has a role mechanism, which allows you to have different levels of access.

Below is an example of basic login:

http://www.mkyong.com/spring-security/spring-security-hello-world-example/