I would like to redirect ( on load page ) users on log-in-page when the are not logged in and when they try to access any of pages. When I type in url address of any of me pages I achieve access to resources without logging and this is the problem. I think I should check the session parameter from session bean on load page ... but I don't know how to do that ... Plase help!
rajanikanth bhagavan kanth
Ranch Hand
Joined: May 20, 2008
Posts: 78
posted
0
Hi,
You can use Filters for redirecting the page.
Regards Bhagv
rajanikanth bhagavan kanth
Ranch Hand
Joined: May 20, 2008
Posts: 78
posted
0
Hi,
You can write one filter class for all jsps , in that filter you need to check that wether it is the valid session or not .if it is valid session redirect to corresponding jsp or else just redirect to the login or some other failure jsp.
Java EE - including J2EE - has built-in support for page redirection using container-managed authentication and authorization. By including the proper directives in your webapp's web.xml file, you can designate some or all of the URLs directed at your application to be subject to authentication and authorization.
If a URL requires authentication - meaning that the user is not presently logged in - the application server will place that URL request on hold and redirect to a login page, dialog, or other means of obtaining security credentials. Once/if the user has logged in successfully, the original URL request will be taken off hold and processed.
Over time, I've compiled a list of about 10 reasons why writing your own login and security code is an extremely bad thing to do. I highly recommend letting the Java EE framework do the job for you (yes, one of the 10 reasons is that you probably already have enough work to do anyway).
My experience has been that the Java EE container-based security system is sufficient for most apps, and can be extended easily to handle quite a few more. Rarely is it really necessary to invent your own security, and few people have done the job all that well from what I've seen.
If you absolutely insist on implementing your own security, filters are a good choice. Coding security directly into the application logic is not.
Customer surveys are for companies who didn't pay proper attention to begin with.
rajanikanth bhagavan kanth
Ranch Hand
Joined: May 20, 2008
Posts: 78
posted
0
Hi Holloway,
I know only filter concept for this problem.May i know how can i configure this in web.xml.Can you please give me suggetions.
Originally posted by Tim Holloway: Java EE - including J2EE - has built-in support for page redirection using container-managed authentication and authorization. By including the proper directives in your webapp's web.xml file, you can designate some or all of the URLs directed at your application to be subject to authentication and authorization.
If a URL requires authentication - meaning that the user is not presently logged in - the application server will place that URL request on hold and redirect to a login page, dialog, or other means of obtaining security credentials. Once/if the user has logged in successfully, the original URL request will be taken off hold and processed.
Over time, I've compiled a list of about 10 reasons why writing your own login and security code is an extremely bad thing to do. I highly recommend letting the Java EE framework do the job for you (yes, one of the 10 reasons is that you probably already have enough work to do anyway).
My experience has been that the Java EE container-based security system is sufficient for most apps, and can be extended easily to handle quite a few more. Rarely is it really necessary to invent your own security, and few people have done the job all that well from what I've seen.
If you absolutely insist on implementing your own security, filters are a good choice. Coding security directly into the application logic is not.
Though i know how to do this using seam, i am yet to do this using plain JSF, please can you provide me with an article on this
0
