Using Form-Based Login in JavaServer Faces Web Applications

2h 6m

This course takes an in-depth look at security in Java Enterprise Edition. We'll cover a wide range of topics as listed below. Finally, we'll round off the course by taking a look at some example exam questions similar to those you can expect to find on the Oracle Certified Java EE exams.

Learning Objectives

  • Understand the fundamentals of security in Java EE
  • Learn the following concepts and features:
    • Securing GlassFish server
    • Working with users, groups, and roles
    • SSL
    • Securing your web applications
    • Securing enterprise beans
    • Digital certificates
    • Security architecture
    • Security threats
    • And much more...

Intended Audience

This course is intended for anyone who already has basic knowledge of Java and now wants to learn about Java Enterprise Edition.


Basic knowledge of Java programming


Using form-based login in JavaServer Faces Web applications. Using j_security_check in JavaServer Faces forms.

Login forms are the most common way of authenticating a user in Web applications. Java EE security defines the j_security_check action for login forms. This allows the web container to authenticate users from many different Web application resources. Facelets forms using the h:form, h:inputText, and h:inputSecret tags, however, generate the action and input IDs automatically, which means developers are unable to specify j_security_check as the form action, nor can they set the username and password input field IDs to j_username and j_password respectively. Because of this, using standard HTML tags allows developers to specify the correct action and input IDs for the form. There is an example here, written in completely standard HTML. This form uses the j_security_check action, but this form doesn't have access to the features of a JavaServer Faces application, such as automatic localization of strings and the use of templating to define the look and feel of the page.

By the way, a standard HTML form in combination with Facelets and HTML tags allows developers to use localized strings for the input field labels, while still ensuring the form uses standard Java EE security. There is such an example here. As you see, a combination of HTML and Facelets tags is used.

Using a managed bean for authentication in JavaServer Faces applications. A managed bean can authenticate users of a JavaServer Faces application, which allows regular Facelets form tags to be used instead of a mix of standard HTML and Facelets tags. In such cases, the managed bean defines login and logout methods, and Facelets forms call these methods in the action attribute. The managed bean's methods call the javax.servlet.http.HttpServletRequest.login and HttpServletRequest.logout methods to manage user authentication. In this managed bean, a stateless session bean uses the user credentials passed to the login method to authenticate the user and resets the caller identity of the request when the logout method is called. The Facelets form calls these methods for user login and logout as you can see here.
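The managed-bean approach from the transcript, written out as an added example; it is not the course's own code. The bean name `authBean`, the view paths, and the error text are hypothetical, and the session ID change assumes a Servlet 3.1 or later container.

```java
import javax.enterprise.context.RequestScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

/* Hypothetical bean; a Facelets h:form would bind to it like this:
 *   <h:inputText value="#{authBean.username}"/>
 *   <h:inputSecret value="#{authBean.password}"/>
 *   <h:commandButton value="Log in" action="#{authBean.login}"/>  */
@Named("authBean")
@RequestScoped
public class AuthBean {
    private String username;
    private String password;

    public String login() {
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpServletRequest request = (HttpServletRequest) ctx.getExternalContext().getRequest();
        try {
            request.login(username, password);  // container validates against its configured realm
            request.getSession(true);           // make sure a session exists before rotating its ID
            request.changeSessionId();          // Servlet 3.1+: new ID once the user is authenticated
            return "/secure/home?faces-redirect=true";  // hypothetical protected view
        } catch (ServletException e) {
            // One generic message for every failure; the password is never echoed or logged.
            ctx.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "Login failed.", null));
            return null;  // stay on the login view
        } finally {
            password = null;  // do not keep the credential on the bean after the attempt
        }
    }

    public String logout() throws ServletException {
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpServletRequest request = (HttpServletRequest) ctx.getExternalContext().getRequest();
        request.logout();                              // resets the caller identity of the request
        ctx.getExternalContext().invalidateSession();  // discard server-side session state as well
        return "/login?faces-redirect=true";           // hypothetical login view
    }

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```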


About the Author

OAK Academy is made up of tech experts who have been in the sector for years and years and are deeply rooted in the tech world. They specialize in critical areas like cybersecurity, coding, IT, game development, app monetization, and mobile development.
