jQuery in Action, 2nd edition*
The moose likes JSF and the fly likes JSF PhaseListener Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "JSF PhaseListener" Watch "JSF PhaseListener" New topic

JSF PhaseListener

adam bilyone

Joined: Aug 14, 2011
Posts: 16
I wanted to secure my jsf pages so that a user must login before navigating to any page except the login page, if the user is not login and attempt to navigate to a secure page, he will be redirected to the login page. I used the JSF PhaseListener, it secure the pages by not rendering the pages, but it doesn't direct the user to the login page, instead it shows the following error message.

XML Parsing Error: no element found
Location: http://localhost:8080/FarmRecords/faces/UserHome.xhtml
Line Number 1, Column 1:

The followings are my codes


public void afterPhase(PhaseEvent event) {
FacesContext context = event.getFacesContext();

if (!userExists(context))
if (requestingSecureView(context))
getNavigationHandler().handleNavigation(context, null, "login");

public void beforePhase(PhaseEvent event)
//Do nothing

public PhaseId getPhaseId()
return PhaseId.RESTORE_VIEW;

private boolean userExists(FacesContext context) {
ExternalContext extContext = context.getExternalContext();
return (extContext.getSessionMap().containsKey("user"));

private boolean requestingSecureView(FacesContext context) {
ExternalContext extContext = context.getExternalContext();
String path = extContext.getRequestPathInfo();
return (!"/index.xhtml".equals(path));


<faces-config version="2.1"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd">



Thank you for your response.
adam bilyone

Joined: Aug 14, 2011
Posts: 16
I solved the problem using
instead of using navigation handler.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15962

Or, you could have skipped all the trouble by using the J2EE container security system that comes with every J2EE server and requires no coding/debugging/maintenance at all.

And, unlike a JSF PhaseListener, it will guard non-JSF resources such as ordinary (non-JSF) servlets and JSPs, as well as the CSS, JavaScript, and other such resources.

Customer surveys are for companies who didn't pay proper attention to begin with.
I agree. Here's the link: http://aspose.com/file-tools
subject: JSF PhaseListener
Similar Threads
custom tag handler
Invalid content error in struts.xml file.
Getting error while upgrading my running application from jboss-4.2.1.GA to jboss-6.0.0.Final.
JSF redirect to another page
simple best practice question