0

I have 3 jsf pages, first one for inserting data,username&password,then see if the data does exist in the database, after that navigate will play a role of redirecting to either welcome page in case of success or to wrong page if the data does not exist, here's the code :

ManagedBean code : 

    private String userName;
    private String password;
    setters() & getters() 
    DBManager m = new DBManager(); 

  public String checkStatus() throws Exception{
    ResultSet rs = m.ExecuteQuery("select count(*) from user_authentication where user_name = 
   '"+userName+"' and user_password ='"+password+"' ");

   if(rs.next())  
    return "loggedIn";
         return "loggedOut";
}

DBManager.java code : 

 public  Connection getConnection() {
    Connection cn = null;
    try{
        Class.forName("com.mysql.jdbc.Driver");  
        cn = DriverManager.getConnection("jdbc:mysql://localhost/recruitment","root","123");
    }catch(Exception e){
    }        
    return cn;
  }


  public ResultSet ExecuteQuery(String sql)  {
    ResultSet rs = null;
    Statement st = null;
    try {
        st = getConnection().createStatement();
        rs   = st.executeQuery(sql); 

    } catch (SQLException ex) {
        Logger.getLogger(DBManager.class.getName()).log(Level.SEVERE, null, ex);
    }
    return rs;
 }

faces-config code : 

<?xml version='1.0' encoding='UTF-8'?>
<faces-config version="2.0"
xmlns="http://java.sun.com/xml/ns/javaee" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee  

/web-facesconfig_2_0.xsd">
<managed-bean>
<managed-bean-name>obj</managed-bean-name>
<managed-bean-class>model.login</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>

<navigation-rule>
<from-view-id>/login.xhtml</from-view-id>
<navigation-case>
<display-name>welcome.xhtml</display-name>
<from-action>#{obj.checkStatus}</from-action>
<from-outcome>loggedIn</from-outcome>
<to-view-id>/welcome.xhtml</to-view-id>
</navigation-case>
<navigation-case>
<display-name>wrong.xhtml</display-name> 
<from-action>#{obj.checkStatus}</from-action>
<from-outcome>loggedOut</from-outcome>
<to-view-id>/wrong.xhtml</to-view-id>    
</navigation-case>
</navigation-rule>
</faces-config>

here's the JSF login page code : 

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:f="http://java.sun.com/jsf/core">
 <h:head>
    <title>Facelet Title</title>
 </h:head>
 <h:body>
    Hello from Facelets
    <f:view>
    <h:form>
        user name   <h:inputText value="#{obj.userName}"/>
        password  <h:inputSecret value="#{obj.password}"/>
        <h:commandButton value="log-in" type="submit" action="#{obj.checkStatus()}"/>
    </h:form>
        </f:view>
</h:body>
</html>

The other 2 jsf pages tell if the operation done successfully. The problem is that the login page redirects to the welcome page regardless of the correctness of the data being inserted.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Rehme
  • 323
  • 3
  • 6
  • 20

2 Answers2

1

A SELECT count(*) will always return a result. A count of 0 is also a valid result. In other words, your rs.next() always returns true. To fix your problem, you should rather select some column instead of a count(*).

See also:

Unrelated to the concrete problem, you've there a huge SQL injection hole and the code is leaking DB resources. Never concatenate user-controlled variables in a SQL string, but instead use PreparedStatement. Also always close DB resources like Connection, Statement and ResultSet in the finally block of the try where they've been opened.

See also:

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • I've done exactly as you told me, but now i got :`java.lang.StackOverflowError ` – Rehme Oct 30 '11 at 06:41
  • Well, something has run in an infinite loop. Hard to tell what exactly and how to solve it because you left out the stacktrace and I am not immediately able to beam over to you in person to see the stacktrace myself. – BalusC Oct 30 '11 at 17:34
0

First, if you are really using JSF2 then all those entries (regarding managed-bean and naviagation-rule) in faces-config.xml are not required.

To redirect, append "?faces-redirect=true" to the action-method's return value:

return "loggedIn?faces-redirect=true";
Bhesh Gurung
  • 50,430
  • 22
  • 93
  • 142
  • I did not know, there are 2 versions of JSF, thanks a million . – Rehme Oct 30 '11 at 06:13
  • While informative, this does not answer the concrete problem at all, nor does it explain how exactly it solves the navigation problem. – BalusC Oct 30 '11 at 06:23
  • @BalusC: The way he put his title got me, didn't even read the whole question properly. Anyways thanks BalusC, there is a lot we can learn from you. +1. – Bhesh Gurung Oct 30 '11 at 06:33