First I have to make my standard disclaimer: Writing your own security system is a Bad Thing. If you want to know more, I can point you to a long list of reasons why.
However, JSF already knows about session objects. If you define a JSF backing bean in the faces-config file and give it the scope "session", JSF views can then reference it without the need for scriptlets (which are also generally considered to be Bad Things).
A lot the of modern-day software development platforms are designed to permit parcelling out work to those with the best aptitude for it. A lot of modern-day business is predicated on making one person do all the work, regardless of aptitude.
max soyosa
Greenhorn
Joined: Feb 25, 2010
Posts: 24
posted
0
Thanks mr. Tim,
ah ok! if thats bad what is the correct code in putting session in jsp page and also in jsf page because im currently using jsf frameworks.
thanks
max
This message was edited 1 time. Last update was at by max soyosa
You don't actually put a session "in" a page. The session remains on the server at all times, although you can reference it and its attributes (session beans) in order to build a page.
The session ID is sent to the client, but that's just so that when the next request comes back that the same session is used in order to permit the server to operate as though a program was runnng when in fact HTTP is nothing but a set of one-shot request/response actions in series.
I think in regular JSPs, they provide an actual variable named "session", but I don't use regular JSPs much any more.
On JSF views, you normally access the session attributes using the Expression Language (EL). So you would code things like:
max soyosa
Greenhorn
Joined: Feb 25, 2010
Posts: 24
posted
0
Actually mr.Tim, my porpuse in putting scriptlet in a jsp page is whenever someone access the jsp page(without authorization),
he can't access the page or else he will be directly redirects to the login page. That's actually my porpuse but when said to me that it is a bad practice, i will not use it again.
For the jsf code which you have posted, i am already using that, not for session but for retrieving files from the database. I tried it for session and it also works.
i have another problem, about the SessionListener, I don't have an idea about that. Can it be used it both jsf servlet and jsf page? Can you please give me an idea?
The JSF session is the same HttpSession object that plain old JSP's use. JSF doesn't do anything special other than having the ability to create session attributes automatically for you when you need them instead of making you create them yourself.
So SessionListeners and stuff like that work exactly the same either way.
0
