I am trying to do a simple login where I want to do the following :: 1 >App consists of Login.jsp , A.jsp & B.jsp
2 >If user is not logged in user should always be directed to Login.jsp
3 >User should not be able to access any JSP directly
My queries / doubts and tries from my end ::
I tried to make use of a managed bean with session scope in "faces-config.xml "
Question :: Against what attribute is it stored in the session ? If I want to access the bean stored in HttpSession what should be the parameter against which I need to lookup ?
Is the bean available to a Non JSF component ? ( servlet - it should be since session is available ?)
Regarding preventing direct access to JSP I dont want to use container provided security . So please please lets not go that route ( This is too simple a use case to warrant container security ) I want to simply everytime check the HttpSession if the user bean exists on session or not ! If it does - allow user to access the jsp If not - simply throw the user out to login screen
Will I have to use a PhaseListener ? ( clueless regarding how to use it and why to use it ! will I have to use a filter ?
I really dont know and I am a little mad at is - that this is fairly a simple thing to do and were this struts / servlets this would be done in a jiffy
with jsf this is becoming a difficult task to just simply store / retrieve data in request / session
maybe I am new / havent read enough hence the frustration - but I am beginning to wonder why jsf ?
To do it a more clean and independent way, just use ExternalContext#getSessionMap(). If you runs JSF on top of a JSP/Servlet environment, it will be mapped transparently as HttpSession attributes. This way your code isn't dependent on the underlying environment.
The session scoped managed beans are just available in there by its managed bean name. Under the hood JSF roughly creates it as follows:
You can get it by [ September 02, 2008: Message edited by: Bauke Scholtz ]