Java EE (Java Enterprise Edition) General Discussion

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Basic Questions about JSF, Login and Session

843844Mar 15 2007 — edited Mar 16 2007

Hi,
I try to implement a login/logout function on my jsf-website. I create one <form> with Login and Pass to enter. My AuthenticBean(sessionbean) checks login and pass. If Login is "ok" the login and pass will set in the authenticBean (min. value of login and pass = 2).
Now I check protected .jsf files (files who need a login) if in the AuthenticBean the login.equals("") or pass.equals(""). If so, the user is not logged in.

Is this a safe method or should I choose a better way to have secure login/logout functions. Perhaps its better to create a userSessionBean after a succeful login and check it with HttpServletRequest rq.getSession().getAttribute(userSessionBean)?

I am confused a little bit and I hope you'll help me:)

Thnx Alex

Locked Post

New comments cannot be posted to this locked post.

Locked on Apr 13 2007

Added on Mar 15 2007

#javaserver-faces

1 comment

142 views