1
I would like a simple example of user authentication.
I already have the table in the database, which contains the user data and level (Administrator, common user).
As I have no time to mess with Hibernate and Spring, I want to know if I have to put a method (I’m using the DAO standard) that queries the database by selecting username and password and if I have to create a special Managedbean for the authentication part.
I have to create a file .xhtml to the login page.
2
The simplest way is with Filter. With the filter, which is already from java, you can intercept the request and validate whether a particular user is active or not.
With the filter you can determine which folder/file the user can access logged in or not.
Here is an example: http://uaihebert.com/? p=1414
So you could set up a filter on the web.xml:
<filter>
<filter-name>AdminPagesFilter</filter-name>
<filter-class>com.filter.AdminPagesFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AdminPagesFilter</filter-name>
<url-pattern>/pages/protected/admin/*</url-pattern>
</filter-mapping>
And a filter could be declared as:
public class AdminPagesFilter extends AbstractFilter implements Filter {
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
User user = (User) req.getSession(true).getAttribute("user");
if (!user.isAdmin()) {
accessDenied(request, response, req);
return;
}
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}
0
For practicality, I recommend that you use spring-security. It controls for you access to the pages you define and still has a role mechanism, which allows you to have different levels of access.
Below is an example of basic login:
http://www.mkyong.com/spring-security/spring-security-hello-world-example/
Browser other questions tagged java jsf jdbc
You are not signed in. Login or sign up in order to post.
Add more content to your reply. Usually responses containing only links are not very well seen, after all, if the site goes off the air the answer becomes useless, in addition to being in another language.
– Filipe.Fonseca