package com.jsfcourse.security;import java.util.List;import javax.ejb.EJ

1. package com.jsfcourse.security;
2.  
3. import java.util.List;
4.  
5. import javax.ejb.EJB;
6. import javax.faces.application.FacesMessage;
7. import javax.faces.bean.ManagedBean;
8. import javax.faces.bean.SessionScoped;
9. import javax.faces.context.FacesContext;
10. import javax.servlet.http.HttpSession;
11.  
12. import com.jsf.dao.LoginDAO;
13. import com.jsf.entities.User;
14.  
15. @ManagedBean
16. @SessionScoped
17. public class LoginBB {
18. private static final String PAGE_MAIN = "/pages/admin";
19. private static final String PAGE_LOGIN = "/pages/login";
20. private static final String PAGE_STAY_AT_THE_SAME = null;
21.  
22. private String login;
23. private String password;
24.  
25. public String getLogin() {
26. return login;
27. }
28.  
29. public void setLogin(String login) {
30. this.login = login;
31. }
32.  
33. public String getPassword() {
34. return password;
35. }
36.  
37. public void setPassword(String password) {
38. this.password = password;
39. }
40.  
41. //Dependency injection
42. // - no setter method needed in this case
43. @EJB
44. LoginDAO loginDAO;
45.  
46. public boolean validateData() {
47. boolean result = true;
48. FacesContext ctx = FacesContext.getCurrentInstance();
49.  
50. // check if not empty
51. if (login == null || login.length() == 0) {
52. ctx.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,
53. "podaj login", "null"));
54. }
55.  
56. if (password == null || password.length() == 0) {
57. ctx.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,
58. "podaj haslo", "null"));
59. }
60.  
61. if (ctx.getMessageList().isEmpty()) {
62. result = true;
63. } else {
64. result = false;
65. }
66. return result;
67.  
68. }
69.  
70. public String doLogin() {
71. FacesContext ctx = FacesContext.getCurrentInstance();
72. User user = null;
73.  
74. // 1. check parameters and stay if errors
75. if (!validateData()) {
76. return PAGE_STAY_AT_THE_SAME;
77. }
78.  
79. // 2. verify login and password - get User from "database"
80. user = getUserFromDatabase(login, password);
81.  
82. // 3. if bad login or password - stay with error info
83. if (user == null) {
84. ctx.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,
85. "Niepoprawny login lub haslo", null));
86. return PAGE_STAY_AT_THE_SAME;
87. }
88.  
89. // 4. if login ok - save User object in session
90. HttpSession session = (HttpSession) ctx.getExternalContext()
91. .getSession(true);
92. session.setAttribute("user", user);
93.  
94. // and enter the system
95. return PAGE_MAIN;
96. }
97.  
98. public User getUser() {
99. HttpSession session = (HttpSession) FacesContext.getCurrentInstance()
100. .getExternalContext().getSession(true);
101. return (User) session.getAttribute("user");
102. }
103.  
104. public String doLogout(){
105. HttpSession session = (HttpSession) FacesContext.getCurrentInstance()
106. .getExternalContext().getSession(true);
107. //Invalidate session
108. // - all objects within session will be destroyed
109. // - new session will be created (with new ID)
110. session.invalidate();
111. return PAGE_LOGIN;
112. }
113.  
114. // simulate finding user in database
115. private User getUserFromDatabase(String login, String password) {
116. User u = null;
117. List<User> list = loginDAO.getUser(login, password);
118.  
119. if ( list.size() != 0) {
120. u = new User();
121. u = list.get(0);
122. }
123. return u;
124. }
125. }