0

When I login with an invalid account the error page appear but when the account is valid the login page is redirected ... Is it something in my code ?

This is my web.xml : 

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>faces/index.xhtml</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>admin</display-name>
        <web-resource-collection>
            <web-resource-name>admin</web-resource-name>
            <description/>
            <url-pattern>/faces/users/*</url-pattern>
            <url-pattern>/faces/groups/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>bob</realm-name>
        <form-login-config>
            <form-login-page>/Login.xhtml</form-login-page>
            <form-error-page>/error.xhtml</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description/>
        <role-name>admin</role-name>
    </security-role>
    <security-role>
        <description/>
        <role-name>user</role-name>
    </security-role>
</web-app>

This is the index.xhtml(welcome page) that redirects to one of two pages (Login.xhtml or CreateAdmin.xhtml ) : 

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://xmlns.jcp.org/jsf/html"
      xmlns:f="http://xmlns.jcp.org/jsf/core"
      xmlns:ui="http://java.sun.com/jsf/facelets">
    <h:head>
        <title>Sign in </title>
        <h:outputStylesheet name="css/jsfcrud.css"/>
    </h:head>

 <f:view>
<ui:insert name="metadata"/>
<f:event type="preRenderView" listener="#{mngsession.methodInManagedBean()}" />
<h:body></h:body>
</f:view>
</html>

this is the function : methodInManagedBean called from the index : 

 public void methodInManagedBean() throws IOException, ClassNotFoundException, SQLException {
        int mmbrexist = 0;
        Class.forName("oracle.jdbc.driver.OracleDriver");
        Connection connection = null;
        connection = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:XE", "hr", "remoteusers");
        Statement stmt = null;
        String query = "select USERID  from users";
        try {
            stmt = connection.createStatement();
            ResultSet rs = stmt.executeQuery(query);
            while (rs.next()) {
                mmbrexist++;

            }
            // >
            if (mmbrexist > 0) { 
                nav.performNavigation("/Login.xhtml");
            } else {
                nav.performNavigation("/CreatingAdmin.xhtml");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            if (stmt != null) {
                stmt.close();
                connection.close();
            }
        }

    }

This is the login.xhtml : 

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://xmlns.jcp.org/jsf/html">
    <h:head>
        <title>Sign in </title>
        <h:outputStylesheet name="css/jsfcrud.css"/>
    </h:head>



    <style type="text/css" >
        td { text-align:left; font-family: verdana,arial; color: #064073; font-size: 1.00em; }
        input { border: 1px solid #CCCCCC; border-radius: 5px; color: #666666; display: inline-block; font-size: 1.00em;  padding: 5px; width: 100%; }
        input[type="button"], input[type="reset"], input[type="submit"] { height: auto; width: auto; cursor: pointer; box-shadow: 0px 0px 5px #0361A8; float: right; text-align:right; margin-top: 10px; margin-left:7px;}
        //form.center { margin-left:auto; margin-right:auto; }
        .error { font-family: verdana,arial; color: #D41313; font-size: 1.00em; }
        form { margin: 0 auto; width:500px;}
    </style>
    <h:body>

        <form action="j_security_check" method="POST">
            <table border="0">
                <tbody>
                    <tr>
                        <td slign="right">Username: &nbsp;</td>
                        <td><input type="text" name="j_username" value="" /></td>
                    </tr>
                    <tr>
                        <td slign="right">Password: &nbsp;</td>
                        <td><input type="password" name="j_password" value="" /></td>
                    </tr>
                    <tr>
                        <td></td>
                        <td><input type="submit" value="Login" /></td>
                    </tr>
                </tbody>
            </table>

        </form>

    </h:body>



</html>

Im using Glassfish with FORM authentication and I've configured a Realm named bob (as seen in web.xml)

13013Key
  • 9
  • 1
  • 11
  • Did you create a realm named bob inside GlassFish server? If it is successfully created, check to see, if a user is really authenticated, when correct credentials are given. Also, why are you playing with plain JDBC - opening a database connection on your own in a managed bean, if you already created a pool? – Tiny Jan 29 '15 at 10:43
  • Yes , I did create a ream named bob ... And as I said , When the account exists in the database u feel that the login is successful but the login page is redirected again ..... Can you please tell me after I press submit how does he know which page to go ? – 13013Key Jan 29 '15 at 13:27
  • You can do this in a Servlet, Filter or even in a managed bean depending upon your choice and requirements. You would use `request.login(userName, password);` for authenticating a user and `request.isUserInRole(roleName);` to see, if the user being authenticated has a said/correct role/authority associated (requires at least Servlet 3.0 - programmatic login. Both are covered there). [This](http://stackoverflow.com/q/2206911/1391249) question goes in details about it. Especially, see the "Update" section in [this](http://stackoverflow.com/a/2207147/1391249) answer. – Tiny Jan 30 '15 at 04:31

0 Answers0