NetBeans Forums

  

Securing a web application.

 
padjester



Joined: 14 Jul 2009
Posts: 33

Posted: Thu Jul 08, 2010 1:40 pm    Post subject: Securing a web application.

Netbeans6.8, JSF2, Glassfish v3.

Hi there

I was hoping someone could help me with a problem I am having configuring security for my web application. I am a newbie still. So far I have created the form, a managed bean behind the form and an entity bean that maps name and password to my database.

I am currently trying to configure a stateless session bean using JPA to access the database and implement the logic. In this stateless session bean I would like to use entity manager to query, login and logout the user.

I would like to use something like the following query;

EntityManager em = ...
Query query = em.createQuery("select User u where u.username = 'bob'");
User user = (User) query.getSingleResult();
if (null != user) {
    // User found
    System.out.println("Found user[" + user.getUsername() + "]" +
        " with password[" + user.getPassword() + "]");
}


What I do not understand is "select User u where u.username = 'bob'". What does u.username represent? I would also like to find, authenticate (login) and log out a user.

In the place of "bob" above I would like to query a datatable for my users and passwords.

I would like the AuthenticationBean to find and authenticate a user that wants to log in as well as the current user logged in to log out.


My current code is as follows;

Login.xhtml

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html">
<h:head>
</h:head>
<h:body>
<h:form>
<h:outputLabel value="User Name:"/>
<h:inputText value="#{LoginBean.name}"/>
<h:outputLabel value="Password:"/>
<h:inputText value="#{LoginBean.password}"/>
<h:commandButton action="#{LoginBean.login}" value="Login"/>
</h:form>
</h:body>
</html>



Login.java (This is the managed bean behind the form)

/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/

package OH;
import javax.ejb.EJB;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
//import javax.*;
//import java.*;

/**
*
* @author Padjester
*/
@ManagedBean(name="LoginBean")
@RequestScoped
public class LoginBean {
@EJB LoginService loginService;
private String name;
private String password;

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
}

public String getPassword() {
return password;
}

public void setPassword(String password) {
this.password = password;
}

public String login () {
String loginSuccess = this.loginService.loginUser
(name, password);
return "Successfully logged in to the system";

}


/** Creates a new instance of LoginBean */
public LoginBean() {
}

}


Users.java (This is the entity bean that maps name and password to my password.)

/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/

package OH;

import java.io.Serializable;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;

/**
*
* @author Padjester
*/
@Entity
@Table(name="USERS")
public class Users implements Serializable {
private static final long serialVersionUID = 1L;
@Id
@GeneratedValue (strategy = GenerationType.AUTO)
private String name;
private String password; //check same as db

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
}

public String getPassword() {
return password;
}

public void setPassword(String password) {
this.password = password;
}
}


AuthenticationBean.java (This is my stateless session bean, that
uses JPA to access the database and implement the business logic)

/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/

package OH;

import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

/**
*
* @author Padjester
*/
@Stateless
@LocalBean
public class AuthenticationBean {
@PersistenceContext(unitName = "ProjectOHPU")
private EntityManager em;
public String loginUser(String name, String password){

}

}


I have set up a JDBC realm on Glassfish as well as the relevant connection pool, etc.

Any help or advice would be greatly appreciated.
Kind regards
Back to top
moandor



Joined: 08 Jul 2010
Posts: 2

Posted: Thu Jul 08, 2010 7:14 pm    Post subject: sql

Hello fellow,

You are right on the way to SQL queries!

SQL is, in easy terms, the language of relational databases.

Your expression
Quote:
select User u where u.username = 'bob'
means, in my opinion, get me all entries from the table u from the column user where the column username is = 'bob'.
So u has to be your table name. But I'm afraid that your expression is incomplete because it has to be
Quote:
select User from u where u.username = 'bob'


I hope I could help you
Back to top
julsorio



Joined: 05 Jun 2009
Posts: 168
Location: Bogota, Colombia, South America

Posted: Fri Jul 09, 2010 12:09 am    Post subject: Re: Securing a web application.

On 8 July 2010 08:41, padjester <address-removed> wrote:
Quote:
Netbeans6.8, JSF2, Glassfish v3.

Hi there

I was hoping someone could help me with a problem I am having configuring security for my web application. I am a newbie still. So far I have created the form, a managed beans for behind the form and a entity bean that maps name and password to my database.

I am currently trying to configure a stateless session bean using JPA to access the database and implement the logic.
Back to top
dipesh
Posted via mailing list.





Posted: Fri Jul 09, 2010 7:38 am    Post subject: Re: Securing a web application.

Hi,
What does u.username represent?

Basically, u is a variable assigned to an instance of class User
User u

u.username is the username field in the User class, which is mapped to the Username column of the USER table


Hope it will help


Dipesh Grag

Back to top
padjester



Joined: 14 Jul 2009
Posts: 33

Posted: Fri Jul 09, 2010 9:46 am    Post subject: Securing a Java EE6 application with JPA

Hi there, Dipesh, Julsorio and Moandor

Thank you for your fast reply. Julsorio, I see your response is empty; do you mind posting it again?

I am busy trying out your advice. I have created a login screen where a user will enter their username and password. These parameters that the user enters on the login.html page must then be passed to Users.java (Entity class), UserGroups.java (Entity class) and LoginBean.java (Backing bean for login.xhtml). I am not sure in which order? Ultimately the parameters must be compared to the two tables in the AuthenticationBean.java. I am not sure how to map all of this together so that it ultimately authenticates in the AuthenticationBean.java.

I have two tables, the first table is called USERS with columns; USER_NAME and PASSWORD. The second table is called USER_GROUPS with columns; USER_GROUPS_ID, USER_NAME and GROUP_NAME.

I would like my query to search the USER Table and the USER_GROUPS table to see if the user that has logged on belongs to the relevant group and therefore has the permission to view certain web pages.

Select USERS.USER_NAME, USER_GROUPS.GROUP_NAME
from USERS, USER_GROUPS
where ????? (name and password from Login.xhtml)

If the query is not successful the user sees an error page.

After this query is successful do I invoke a method for authentication? How do I go about doing this?

Would you perhaps be able to advise me on this issue?

Thank you again.
Kind regards
Padjester
Back to top
julsorio



Joined: 05 Jun 2009
Posts: 168
Location: Bogota, Colombia, South America

Posted: Mon Jul 12, 2010 4:23 pm    Post subject: Re: Securing a web application.

Greetings.

You have to read about JPA.


JPA queries are different from SQL queries because JPA queries are about objects.


For this case you can use JPA Native Queries to join the tables by user id.

On 9 July 2010 04:47, padjester <address-removed> wrote:
Quote:
Hi there, Dipesh, Julsorio and Moandor

Thank you for you fast reply.
Back to top
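
Added example, not part of any post in this thread and not the poster's own code: one way to fill in AuthenticationBean.loginUser with a valid JPQL query that binds the submitted name as a named parameter in place of the literal 'bob', then looks up the user's groups. It assumes the Users entity from the first post, a hypothetical UserGroups entity (fields userName, groupName) mapped to USER_GROUPS, a PASSWORD column that holds a lower-case hex SHA-256 digest (the thread does not say how passwords are stored), and it returns the group names rather than the String of the original stub.

```java
package OH;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.List;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

@Stateless
public class AuthenticationBean {
    private static final Charset UTF8 = Charset.forName("UTF-8");

    @PersistenceContext(unitName = "ProjectOHPU")
    private EntityManager em;

    /** Returns the user's group names, or an empty list when the login fails. */
    public List<String> loginUser(String name, String password) {
        // "u" is an alias for one Users entity; u.name is its mapped field.
        // :name is a bound parameter, so form input never becomes query text.
        List<Users> found = em
            .createQuery("select u from Users u where u.name = :name", Users.class)
            .setParameter("name", name)
            .getResultList(); // getSingleResult() would throw if no row matched
        if (found.size() != 1 || !matches(password, found.get(0).getPassword())) {
            return Collections.emptyList(); // same result for bad name or bad password
        }
        // UserGroups (fields userName, groupName) is a hypothetical entity for USER_GROUPS.
        return em
            .createQuery("select g.groupName from UserGroups g where g.userName = :name",
                         String.class)
            .setParameter("name", name)
            .getResultList();
    }

    // Assumption: PASSWORD holds a lower-case hex SHA-256 digest, not clear text.
    static boolean matches(String submitted, String storedHex) {
        if (submitted == null || storedHex == null) return false;
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(submitted.getBytes(UTF8));
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            // MessageDigest.isEqual avoids an early-exit string comparison.
            return MessageDigest.isEqual(hex.toString().getBytes(UTF8), storedHex.getBytes(UTF8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

The backing bean can treat an empty list as a failed login and choose its navigation outcome from the returned group names.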