aspose file tools*
The moose likes JSF and the fly likes JSF Login problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "JSF Login problem" Watch "JSF Login problem" New topic
Author

JSF Login problem

Kerry Wilson
Ranch Hand

Joined: Oct 29, 2003
Posts: 254
I am trying to implement a login solution with jsf. what needs to happen is that if the user requests a page other than the login page and is not logged in they will be redirected to another page. No problem, except in jsf ( apparently )

First I tried to implement it using a page backing bean and the beforeRestoreView method, but alas it or no other event methods seem to be getting called on the first load.

Next, I thought I could implement a phaseListener that would redirect, but that didn't work as the thread continued and caused a response committed error.

Finally, I tried to use a filter, no access to the session object though.

Is there anyway that I can do this, short of writing my own FacesServlet or anything crazy like that? I am using sun's jsf implementation, but would gladly switch to something else, if it allowed for a simple solution.

thanks,

Kerry


http://www.goodercode.com
SCJP 1.4
Jason Menard
Sheriff

Joined: Nov 09, 2000
Posts: 6450
Moved to the JSF forum.
Josh Juneau
Ranch Hand

Joined: Jun 16, 2004
Posts: 86
In some of my JSF applications, I have a login form which navigates to an unseen page if the authentication is successful. If the authentication is unsuccessful, the login page is reloaded.

This "unseen" page sets an attribute to "AUTHENTICATED" in the session using JSP scripting. After that attribute is set, it forwards the user into the actual application (a greeting page). All of the other pages in the application first check to ensure that this session attribute equals "AUTHENTICATED" prior to allowing access to the page...if it does not, then the user is forwarded directly to the login page. This prevents people from navigating to any page they wish without successfully authenticating.

It sounds like the scenario I have going above is even more than you need. I think all you need to do is set up different navigation cases in your faces-config depending upon if the user has logged into the application or not. In other words, in your backing bean, check to ensure that the user has authenticated somehow and send back an appropriate message to the faces-config. You could implement a solution as I have as well, it works for me.

I hope this helps!

Josh


Database Administrator/Application Developer
Kerry Wilson
Ranch Hand

Joined: Oct 29, 2003
Posts: 254
That sounds something like what I need. However, I have not been able to get a bean to check the login since none of the events are being called on the bean for the first request.

I know on the first request that jsf is supposed to call restoreView and then skip to renderResponse, so this leads me to believe that the beforeRestoreView should be called but it isn't. Where did you put your authentication checking logic?
Josh Juneau
Ranch Hand

Joined: Jun 16, 2004
Posts: 86
My authentication logic is in a backing bean. When the user hits the "Login" button, my login method is performed within the backing bean. Upon success, the message "SUCCESS" is returned and the faces-config then navigates to my "unseen" page. As I said earlier, the unseen page is a place holder so that I can throw a session attribute denoting that the user is authenticated...this page forwards into another application page so the user never sees it.

In your application, what component are you using for user navigation? In other words, is there a link or button to the next form? When the user is not logged in (and does not wish to log in), do they use a link or button to get to the next page?

If you are using one of the components listed above, you could tie an ActionEvent to that component which could perform a backing bean method upon invokation (ie: onclick). This is just a thought.
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15290
    
    6

I think you are wanting JSF to do more than it was designed to do. You mentioned you tried using a Servlet Filter, which is what I would do, but that the session wasn't available from the Filter?



GenRocket - Experts at Building Test Data
Varun Khanna
Ranch Hand

Joined: May 30, 2002
Posts: 1400
Originally posted by Gregg Bolinger:
I think you are wanting JSF to do more than it was designed to do. You mentioned you tried using a Servlet Filter, which is what I would do, but that the session wasn't available from the Filter?

Probably he tried to get the session in a "JSF Way" i.e. from the FacesContext instance, which won't work as Filter are called before FCtx instance is initialised by FacesServlet.


- Varun
Kerry Wilson
Ranch Hand

Joined: Oct 29, 2003
Posts: 254
No, I realize that FacesContext is not available in a filter. What I did not realize was that a ServletRequest could be safely casted into a HttpServletRequest. I would like to know why the ServletResponse/Request are passed in instead of HttpServletRequest.

I believe the filter is the best way to implement this, since JSF should not be handling stuff like login and such.

Thanks, for the help
Varun Khanna
Ranch Hand

Joined: May 30, 2002
Posts: 1400
Originally posted by Kerry Wilson:
I would like to know why the ServletResponse/Request are passed in instead of HttpServletRequest.


To allow future generations to use our filter in a non-HTTP servlet environment, in case they want so
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JSF Login problem
 
Similar Threads
Two Forms Mistakenly Shown
Java and LDAP directory
View Expired Exception
Switching from https to http - this one again
forms authentication (j_security_check) with JSF