• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Securing JSF pages

 
Kevin P Smith
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi guys

Could enyone help with some advice on how to protect secure pages in a JSF2.0 webapp?

My basic page structure is

/pages/ - standard pages
/pages/secure - secure pages

I have implemented a Filter which uses the url-pattern "/secure/*", this Filter checks to see if the HttpSession has a value called 'isAuthenticated', if not it redirects to the login page.

My welcome-page is [http://localhost/pages/index.jsf]

This Filter works if you type in the URL manually, say:
- http://localhost/pages/secure/myaccount.jsf

The will pass into the Filter and redirects as expected, the problem comes when I use a commandLink. Even though it has this action [action="/pages/secure/myaccount.jsf"] it loads the secure page, bypassing the Filter. I believe this is because the URL still has the following:

- http://localhost/pages/index.jsf

How can I get the JSF page to go through the Filter when called from a commandLink (or similar)?

Cheers in advance

KS
 
Nick Potter
Ranch Hand
Posts: 126
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
try with a <redirect/> in the faces-config, where you specify what the outcome for your command link action goes.


<from-outcome>your outcome</from-outcome>
<to-view-id>view</to-view-id>
<redirect/>
 
Kevin P Smith
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for that, I am using JSF2.0 so I have avoided the XML thing.

Would the same thing work if I had a class called something like NavigationController which has a method for this redirect and called that method in the commandLink?

Say


Or something.
 
Nick Potter
Ranch Hand
Posts: 126
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The redirect thingy performs an additional request to the server, so when you click the link it actually hits the server twice. I haven't touched JSF 2, so i don't know how you can achieve this.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic