web.xml中的JSF异常处理

Question

The problem is that I don't completely understand what exceptions are handled and what aren't. I created new com.me.exceptions.InvalidPasswordException and populated it in the web.xml along with other exceptions:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>/view/login.xhtml</welcome-file>
    </welcome-file-list>
    <error-page>
    <exception-type>javax.faces.application.ViewExpiredException</exception-type>
    <location>/view/login.xhtml?faces-redirect=true</location>
<error-page>
    <exception-type>com.me.exceptions.InvalidPasswordException</exception-type>
    <location>/view/loginWrongPass.xhtml?faces-redirect=true</location>
</error-page>
<error-page>
    <exception-type>java.io.IOException</exception-type>
    <location>/view/404.xhtml?faces-redirect=true</location>
</error-page>
<filter>
<filter-name>AuthFulter</filter-name>
<filter-class>com.me.beans.AuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFulter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
 </web-app>

I throw it from the my LoginBean:

@ManagedBean(name = "loginBean")
@SessionScoped
public class LoginBean implements Serializable {
    private static final long serialVersionUID = 1L;
    private String userName;
    private String password;

    !!!getters and setters are omitted

    public String login() throws InvalidPasswordException, IOException {
        int result = UserDao.login(userName, password);
        if (result == 0) {
            System.out.println("home");
            return "home";
        }
        else if (result == 1) {
            throw new InvalidPasswordException();
        }
    }
}

Why my InvalidPasswordException is not handled? Also if I throw IOException from the same place, it also doesn't work, though IOException is handled if it is thrown in the case of wrong URI in the request. Though I can see stack traces of both in the logs. Also I tried to throw exceptions from filters, it also works fine.

Answer 1

in general throw InvalidPasswordException or InvalidUsernameException is not good practice. User pass credentials if you find user from db you will do login, if not return null and redirect to another page or the same page show message "user not found" . You are not compare password for throw exception!. The first your method must be change to

 public String login(){
        UserObject resultObject = UserDao.login(userName, password);
        if (resultObject  == null) {
            System.out.println("user not found ");
            return "home";
        }

       if (resultObject != null) {
            System.out.println("user in database ");
            System.out.println("create user profile context "    +resultObject.getEmail() + " saving user object to session);    
return "userProfilePage";
        }

return null;
    }

After changing logic you can throw exception if you need instead of returning/redirecting , but throw / catch is not best practice " "Do NOT throw exceptions if you can avoid it, it makes your code MUCH slower ".