my dog learned polymorphism*
The moose likes JSF and the fly likes [solved] authorization with phaselistener problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "[solved] authorization with phaselistener problem" Watch "[solved] authorization with phaselistener problem" New topic
Author

[solved] authorization with phaselistener problem

Benjamin Dittwald
Greenhorn

Joined: Mar 05, 2009
Posts: 8
hi all,

i am trying to use a phase listener for authorization in my jsf web application. the phase listener works fine that he redirect to the login page if the user visit a protected side or let the user go for a public side. but that's all, he just redirect or not.
my actual problem is that i don't know how to let the phase listener recognize that the user is signed in and which name or which role he has. i need a "isLoggedIn" method in my phase listener, but i don't know how to get these information of username and role. i have a loginBean which is used by my login.jsp. the login method of this bean checks if it can find the given username in a database and checks the given password, if that all works fine the method return "succes" for the navigation-role.
how can i get the phase listener to know that the user just signed in? what's there to do in my LoginBean?

here is my code.

the phaselistener

return of loggedIn is false for testing the redirect.

that's my LoginBean:


how can i put these things together? hope someone can help me!
regards, benjamin
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
You shouldn't couple authorization that tight with JSF. Better make use of container managed authentication and/or a simple filter acting on an url-pattern covering the protected pages.
Benjamin Dittwald
Greenhorn

Joined: Mar 05, 2009
Posts: 8
yeah thanks for the hint, i solved it with container managed authentication.

This how to helped me with it.

regards,
benjamin
Sorin Alexandru
Greenhorn

Joined: Nov 30, 2008
Posts: 28
Benjamin Dittwald wrote:yeah thanks for the hint, i solved it with container managed authentication.

This how to helped me with it.

regards,
benjamin


You could also go on with what you started, doing the following:
- when the user logs in, you keep his/her credentials (e.g. an instance of the LoginBean) in the session
- in the filter you check if the LoginBean instance is present in the session and depending on that, you forward to the right page

I hope this helps.
(example: http://forums.sun.com/thread.jspa?forumID=881&threadID=5050520)

Greetings,
Sorin
Benjamin Dittwald
Greenhorn

Joined: Mar 05, 2009
Posts: 8
thanks for your reply, i'll keep that in mind, but i already solved it with the solution above. its for my bachelor and there is no more time for changes.

greetings,
benjamin
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: [solved] authorization with phaselistener problem