This week's book giveaway is in the Mac OS forum.
We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line!
See this thread for details.
The moose likes JSF and the fly likes JSF PhaseListener Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » JSF
Bookmark "JSF PhaseListener" Watch "JSF PhaseListener" New topic
Author

JSF PhaseListener

adam bilyone
Greenhorn

Joined: Aug 14, 2011
Posts: 16
I wanted to secure my jsf pages so that a user must login before navigating to any page except the login page, if the user is not login and attempt to navigate to a secure page, he will be redirected to the login page. I used the JSF PhaseListener, it secure the pages by not rendering the pages, but it doesn't direct the user to the login page, instead it shows the following error message.

XML Parsing Error: no element found
Location: http://localhost:8080/FarmRecords/faces/UserHome.xhtml
Line Number 1, Column 1:
^

The followings are my codes

AuthenticationPhaseListener.java

@Override
public void afterPhase(PhaseEvent event) {
FacesContext context = event.getFacesContext();

if (!userExists(context))
{
if (requestingSecureView(context))
{
context.responseComplete();
context.getApplication().
getNavigationHandler().handleNavigation(context, null, "login");
}
}
}

@Override
public void beforePhase(PhaseEvent event)
{
//Do nothing
}

@Override
public PhaseId getPhaseId()
{
return PhaseId.RESTORE_VIEW;
}


private boolean userExists(FacesContext context) {
ExternalContext extContext = context.getExternalContext();
return (extContext.getSessionMap().containsKey("user"));
}

private boolean requestingSecureView(FacesContext context) {
ExternalContext extContext = context.getExternalContext();
String path = extContext.getRequestPathInfo();
return (!"/index.xhtml".equals(path));
}


faces-config.xml

<faces-config version="2.1"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd">

<lifecycle>
<phase-listener>
com.bilyone.jsf.authenticate.AuthenticationPhaseListener
</phase-listener>
</lifecycle>


</faces-config>


Thank you for your response.
adam bilyone
Greenhorn

Joined: Aug 14, 2011
Posts: 16
I solved the problem using
externalContext.redirect(externalContext.getRequestPath()+"/faces/home.xhtml");
instead of using navigation handler.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16095
    
  21

Or, you could have skipped all the trouble by using the J2EE container security system that comes with every J2EE server and requires no coding/debugging/maintenance at all.

And, unlike a JSF PhaseListener, it will guard non-JSF resources such as ordinary (non-JSF) servlets and JSPs, as well as the CSS, JavaScript, and other such resources.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
GeeCON Prague 2014
 
subject: JSF PhaseListener