stackoom
  简体   繁体   中英

Authorization and authentication on the web application with JSF, Hibernate and Tomcat

 原文  2014-04-15 14:42:42       hibernate/ jsf/ tomcat/ authentication/ authorization

Question

I am programming a Web-Application with Java EE, JSF, Hibernate, MySQL by using Eclipse and Apache Tomcat. I do not use Spring, EJB or etc.

I have simple login page. There are two inputs for username and password and submit button to pass values of inputs to the bean. If entries of users are matched with records in DB, then next page is opened. However, this process has a lack of security. If user enters a URL of next pages, he/she can easily skips login process without any security.

I know that my application needs authentication and authorization. I have googled these terms for three days. I learned lots of things, but I do not have found a simple solution for the application with JSF, Hibernate and worked on Apache Tomcat.

Is there any simple example that contains this kind of configuration? I do not need detailed management. Just a simple authentication (also maybe authorization).

I am really tired, please help me.

EDIT (1):

I chose "container managed authentication" as a login strategy and I develeped some code. com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'USER_NAME' in 'where clause' - container managed authentication . However, I get com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException. I hope to reach the solution, if you help me. All feedback appreciated!

EDIT (2):

I realized that "container managed authentication" has strict rules and it limits the freedom of coding. Programmer cannot write code based on requirements of application with this solution. Because of that, I implement Servlet-Filter solution which is old, but powerful, in my app. If you want to try new ones, Apache Shiro may be an option. I advise to look at the article of http://balusc.blogspot.com.tr/2013/01/apache-shiro-is-it-ready-for-java-ee-6.html#ProgrammaticLogin

1 answers

solution1
 0  2014-04-15 20:58:45

Try using Spring security, it will allow to protect the application with authentication and authorization. See this tutorial as a starting point.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question JSF with Hibernate sample web application Deploying Hibernate Web Application on Tomcat running on Debian running a spring hibernate web application on jetty and tomcat How to migrate a desktop application to web application by using JSF + Hibernate + Spring? Tomcat or JBoss for JSF, Hibernate project When should I close HIbernate Session Factory in JSF web application? Hibernate session handling when using lazy loading in a JSF web application I don't get session for Hibernate in thread for an web application in Tomcat Spring-Hibernate-JPA-Spring-Data-Maven-JSF Application Tomcat Startup Error Tomcat 404 Error with Spring Hibernate JSF compilation
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM