File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSF and the fly likes JSF equivalents of process pages Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "JSF equivalents of process pages" Watch "JSF equivalents of process pages" New topic

JSF equivalents of process pages

Nelson Collette

Joined: Feb 08, 2007
Posts: 2
I am working on a project where authentication is handled by a third party, and they send back the information as session attributes. I currently know how to handle that using a .jsp process page, where I could call methods, login in the user and re-direct to other pages as necessary. However I'm using facelets and .xhtml pages that don't contain the .jsp functionality.

How can I run a backing bean method as soon as the page loads that could also re-direct to other pages as necessary without the user having to click on a continue button or something like that. Is it possible?

All solutions would be greatly appreciated.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

I highly recommend NOT putting login/security code into detail application constructs. Aside from the fact that you're mixing layers together, one miscoded business module can provide the conduit for an unscrupulous person to invade the system.

I prefer the standard J2EE container-based security system for most apps. It's already there, it's already debugged, and it sits around your whole app, keeping watch in things before they ever hit your actual program code. For situations where that's not feasible, the next best solution is to place your security in filters, which has almost the same net effect, minus the integration into the overall app server and web.xml.

You can use J2EE container security even with external security providers, so long as they support something that can be mapped to role-based access control and you have the specs on custom security providers for your appserver of choice. I wrote a Tomcat security realm module that backed up a web-service based security system. It wasn't very much code and it worked perfectly.

An IDE is no substitute for an Intelligent Developer.
Nelson Collette

Joined: Feb 08, 2007
Posts: 2
Thanks Tim,

I agree the security where it is currently meshed isn't the right place for it. I plan on implementing a filter that would protect each and every page, I was mainly wondering if such attempts were possible.

Thanks for your reply.
I agree. Here's the link:
subject: JSF equivalents of process pages
It's not a secret anymore!