JSF Authentication Login Logout Database Example

Authentication mechanism allows users to have secure access to the application by validating the username and password. We will be using JSF view for login, DAO object ,HttpSession for session management, JSF managed bean and mysql database.

Lets now look in detail as how to create a JSF login logout authentication mechanism in JSF application.

Step 1: Create the table Users in mysql database as

Here we create user table with uid as the primary key, username and password fields with not null constraints.

Step 2: Insert data into the table Users as;

Before we move on to our project related code, below image shows the project structure in Eclipse. Just create a dynamic web project and convert it to maven to get the project stub and then keep on adding different components.


Step 3: Create the JSF login page login.xhtml as;

Here we are creating a JSF login view page with username and password fields and set values for these fields through the login managed bean. We invoke the validateUsernamePassword method on click of Login button to validate the username and password.

Step 4: Create the managed bean Login.java as;

We declare three String variables user, pwd and msg for username, password and error message fields along with the getter and setter methods. We write a method validateUsernamePassword() for validating the username and password field by invoking the LoginDAO class to fetch the username and password from the database and compare it with the front end values passed. If the username and password does not match an error message is displayed as “Incorrect username and password” . Also a logout() method is written to perform logout by invalidating HTTPSession attached.

Step 5: Now create the LoginDAO java class as below. Note that database operations code is not optimized to be used in a real project, I wrote it as quickly as possible because the idea is to learn authentication in JSF applications.

In the validate() method we first establish connection to the database by invoking the DataConnect class getConnection method. We use PreparedStatement to build the query to fetch the data from the database with the user entered values. If we get any data in result set, it means input is valid and we return true, else false.

Step 6: Create the DataConnect.java class as;

We load the JDBC driver using Class.forName method and use DriverManager.getConnection method passing the url, username and password to connect to the database.

Step 7: Create SessionUtils.java to obtain and manage session related user information.

Here we obtain a session for each user logged through the getUserId method thereby associating a session id to a particular user id.

Step 8: Create the authorization filter class as;

We implement the standard filter class by overriding the destroy and doFilter methods. In the doFilter method we will redirect user to login page if he tries to access other page without logging in.

Step 9: Create admin.xhtml as;

This page is rendered when the user logs in successfully. Logout functionality is implemented by calling the logout method of the Login.java class.

Step 10: Create faces-config.xml file as;

Once done with all the steps specified above run the application and see the following output in the browser.

Login Page


Authentication Error Page


Login Success Page


Accessing admin.xhtml while logged in


Just click on the Logout link and the session will be invalidated, after that try to access admin.xhtml page and you will be redirected to the login page, go ahead and download the project from below link and try it out.

By admin

Leave a Reply

%d bloggers like this: