• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

[solved] authorization with phaselistener problem

 
Benjamin Dittwald
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi all,

i am trying to use a phase listener for authorization in my jsf web application. the phase listener works fine that he redirect to the login page if the user visit a protected side or let the user go for a public side. but that's all, he just redirect or not.
my actual problem is that i don't know how to let the phase listener recognize that the user is signed in and which name or which role he has. i need a "isLoggedIn" method in my phase listener, but i don't know how to get these information of username and role. i have a loginBean which is used by my login.jsp. the login method of this bean checks if it can find the given username in a database and checks the given password, if that all works fine the method return "succes" for the navigation-role.
how can i get the phase listener to know that the user just signed in? what's there to do in my LoginBean?

here is my code.

the phaselistener

return of loggedIn is false for testing the redirect.

that's my LoginBean:


how can i put these things together? hope someone can help me!
regards, benjamin
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You shouldn't couple authorization that tight with JSF. Better make use of container managed authentication and/or a simple filter acting on an url-pattern covering the protected pages.
 
Benjamin Dittwald
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yeah thanks for the hint, i solved it with container managed authentication.

This how to helped me with it.

regards,
benjamin
 
Sorin Alexandru
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Benjamin Dittwald wrote:yeah thanks for the hint, i solved it with container managed authentication.

This how to helped me with it.

regards,
benjamin


You could also go on with what you started, doing the following:
- when the user logs in, you keep his/her credentials (e.g. an instance of the LoginBean) in the session
- in the filter you check if the LoginBean instance is present in the session and depending on that, you forward to the right page

I hope this helps.
(example: http://forums.sun.com/thread.jspa?forumID=881&threadID=5050520)

Greetings,
Sorin
 
Benjamin Dittwald
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for your reply, i'll keep that in mind, but i already solved it with the solution above. its for my bachelor and there is no more time for changes.

greetings,
benjamin
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic