File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSF and the fly likes JSF PhaseListener Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "JSF PhaseListener" Watch "JSF PhaseListener" New topic
Author

JSF PhaseListener

adam bilyone
Greenhorn

Joined: Aug 14, 2011
Posts: 16
I wanted to secure my jsf pages so that a user must login before navigating to any page except the login page, if the user is not login and attempt to navigate to a secure page, he will be redirected to the login page. I used the JSF PhaseListener, it secure the pages by not rendering the pages, but it doesn't direct the user to the login page, instead it shows the following error message.

XML Parsing Error: no element found
Location: http://localhost:8080/FarmRecords/faces/UserHome.xhtml
Line Number 1, Column 1:
^

The followings are my codes

AuthenticationPhaseListener.java

@Override
public void afterPhase(PhaseEvent event) {
FacesContext context = event.getFacesContext();

if (!userExists(context))
{
if (requestingSecureView(context))
{
context.responseComplete();
context.getApplication().
getNavigationHandler().handleNavigation(context, null, "login");
}
}
}

@Override
public void beforePhase(PhaseEvent event)
{
//Do nothing
}

@Override
public PhaseId getPhaseId()
{
return PhaseId.RESTORE_VIEW;
}


private boolean userExists(FacesContext context) {
ExternalContext extContext = context.getExternalContext();
return (extContext.getSessionMap().containsKey("user"));
}

private boolean requestingSecureView(FacesContext context) {
ExternalContext extContext = context.getExternalContext();
String path = extContext.getRequestPathInfo();
return (!"/index.xhtml".equals(path));
}


faces-config.xml

<faces-config version="2.1"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd">

<lifecycle>
<phase-listener>
com.bilyone.jsf.authenticate.AuthenticationPhaseListener
</phase-listener>
</lifecycle>


</faces-config>


Thank you for your response.
adam bilyone
Greenhorn

Joined: Aug 14, 2011
Posts: 16
I solved the problem using
externalContext.redirect(externalContext.getRequestPath()+"/faces/home.xhtml");
instead of using navigation handler.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15960
    
  19

Or, you could have skipped all the trouble by using the J2EE container security system that comes with every J2EE server and requires no coding/debugging/maintenance at all.

And, unlike a JSF PhaseListener, it will guard non-JSF resources such as ordinary (non-JSF) servlets and JSPs, as well as the CSS, JavaScript, and other such resources.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: JSF PhaseListener
 
Similar Threads
custom tag handler
Invalid content error in struts.xml file.
Getting error while upgrading my running application from jboss-4.2.1.GA to jboss-6.0.0.Final.
JSF redirect to another page
simple best practice question