I am very new to JSF and I am trying to do the following:
1> login.jsp - get username and password and redirecto welcome.jsp on success on failure return to login.jsp but with error message on the screen..
2> when the user tries to open to some other page which requires user to be logged in before opening it, in this case how would I check whether user has logged in or not.. I know i can get the user bean information from the session or face context.. but I don't want to put this check in all my jsp pages.. I am looking for a cleaner way..
I have a userbean class with a login function which gets called when user press login button. It return success/failure.
I am aware that it is possible to check the login at the validation stage itself.. but I am not sure of the right approach.. Please help!
You can create a Filter that verifies every request if the user is logged in and redirect the user to a page if it is not logged in.
You can authorize acces to the pages through the web.xml in which you define which roles can access which pages, but for this you should read about JAAS here.
I think the best way to do this is through JAAS, is cleaner and is not reaaly hard to use it.
If you have any questions don't hesitate to ask. [ July 15, 2008: Message edited by: Andres Quinones ]
Joined: Feb 04, 2007
Thanks for your answer! I am not really happy with the form based security check which comes without any considerable coding effort. But if my site has lot of users, I really don't want to put 100,000 user names in a xml file.
I am looking for a more elegant solution.. Probably servlet filter based solution looks good to me..
Joined: Oct 09, 2006
Gopi, you will not have to put 100,000 user in your xml file, because it is handle with roles for those users. I think is the best and cleanest way to manage your authorization process.
The filter is the other way but your application performance could decrease.