File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSF and the fly likes JSF Filter prevent direct access certain page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "JSF Filter prevent direct access certain page" Watch "JSF Filter prevent direct access certain page" New topic
Author

JSF Filter prevent direct access certain page

Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
I want the user to access Page2 and Page3 from Page1, and if the user typing the url /page2.jsf or /page3.jsf will redirect they to page1.jsf. These page doesn't required the user to login. I have try out using filter, first time run the Page2 it will redirect me to Page1 but once again i type the url /Page3.jsf it will redirect me to Page3.jsf but i don't want it to happened anyone can help me?
Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
If you post a code snippet of your filter, we would be able to understand better
Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
Hi, thanks for replied below is my filter class.



Actually this 3 page doesnt required the user to login, but i have bind the value using Managed Bean to get the user details from page1 den process to page2 and so on. At first i run Page2 it will redirect me to Page1 but on Page1 i type the URL /Page2.faces it will link me to Page2.faces,

Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
Line 11 of your code


I think this will always create a new HttpSession always because you have passed in the parameter 'true', if you pass in 'false'(which is also the default)
an HttpSession will be created only once when the page is requested and no new sessions will be created and your filter can capture the correct user information.

It would be good if somebody else can also verify this and correct me if I am wrong.


Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
Hmm if i try to set it to false when i run the page got error

java.lang.NullPointerException
it3119.action.RestrictPageFilter.doFilter(RestrictPageFilter.java:29)

Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
Ok,

If I understand it right, if your user is not authenticated(logged in ) then you want to redirect him to page 1

So First, check if a user session exists or not
Second, if the user session exists , then check the incoming request, if it is not from page1 then redirect to page1
If user session does not exists , then redirect user to page1


Hope this helps
Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
I try run my page, but it loop infinite? And The page actually didnt required the user to login because is the resetpassword page Page one required user enter username and proceed to page 2 enter more details. So, in this case i wish to prevent user typing in url to access page2. So, do i still need to check the session?
Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
I think I understood it wrong and the solution will always keep looping!! sorry I was not thinking right
Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
Kavita Tipnis wrote:Ok,

If I understand it right, if your user is not authenticated(logged in ) then you want to redirect him to page 1

So First, check if a user session exists or not
Second, if the user session exists , then check the incoming request, if it is not from page1 then redirect to page1
If user session does not exists , then redirect user to page1


Hope this helps


I modified the code assuming you enter the attribute 'user' in the session after the user enters the username on Page1
Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
hmmm, sorry but the page still loop infinite.
Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
Kavita Tipnis wrote:
Kavita Tipnis wrote:Ok,

If I understand it right, if your user is not authenticated(logged in ) then you want to redirect him to page 1

So First, check if a user session exists or not
Second, if the user session exists , then check the incoming request, if it is not from page1 then redirect to page1
If user session does not exists , then redirect user to page1


Hope this helps


I modified the code assuming you enter the attribute 'user' in the session after the user enters the username on Page1


Just a one line check to see if the "user" attribute is in session, if yes continue to page2 else redirect to page1

Check how your adding the attribute "user" in the session
Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
This is my page one


This is my faces-config



This is my web-xml



This is my Filter



I have try alot of way even i try else if only check the session. the page still loop infinite.
Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
Can you post your pc_Page1.doButton1Action method
Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23


It actually link to page2

Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
Hoe chin,

You have to add the "user" to the session in your action method if you want to recover it on Page2

Modify your action method to add the user value to the session attributes.



Let me know if I you already do this at some other point in your code
Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
Thanks for your helps, I can make it link to Page1 when i run Page2 or Page 3. From Page2 i can get the value of what the user key in in page1. But if i didnt key in anything in Page1 to start the session i try key in the url Page2 it still link me to Page2. Sorry i am beginner. I realised that Even if i nvr key in anything in Page1
The S.O.P. will give me this bean.User@d0d12e
Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
Ok ,
In your filter Check if an HttpSession exists - If yes , then no problem,
if No then create one



Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
Thanks, it wont loop right now. But can i prevent if the user never enter username on page1 the user wont able to reach page two by typing url /page2.faces.
Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
yes you add the 'username' to the session on action of your submit button
and this condition should take care of that
Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
Thanks Kavita Tipnis really really a big thanks to you !
Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
No Problem.. Does it work now as per your requirements/expectations?
Make a practice to read the API for more information!
Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
yes it works now, really thanks you very much i have tried out this few days already.
Hoe Chin
Greenhorn

Joined: Jul 01, 2009
Posts: 23
-
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JSF Filter prevent direct access certain page
 
Similar Threads
Javascript-- how to find referrer when url redirect is done
Sending data to popup window
popup form - howto get data ? from newbie
Prevent intermediate access to any jsp page
help for jsf