This week's book giveaway is in the JDBC forum.
We're giving away four copies of Make it so: Java DB Connections & Transactions and have Marcho Behler on-line!
See this thread for details.
The moose likes JSF and the fly likes JSF PhaseListener Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Make it so: Java DB Connections & Transactions this week in the JDBC forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "JSF PhaseListener" Watch "JSF PhaseListener" New topic

JSF PhaseListener

adam bilyone

Joined: Aug 14, 2011
Posts: 16
I wanted to secure my jsf pages so that a user must login before navigating to any page except the login page, if the user is not login and attempt to navigate to a secure page, he will be redirected to the login page. I used the JSF PhaseListener, it secure the pages by not rendering the pages, but it doesn't direct the user to the login page, instead it shows the following error message.

XML Parsing Error: no element found
Location: http://localhost:8080/FarmRecords/faces/UserHome.xhtml
Line Number 1, Column 1:

The followings are my codes

public void afterPhase(PhaseEvent event) {
FacesContext context = event.getFacesContext();

if (!userExists(context))
if (requestingSecureView(context))
getNavigationHandler().handleNavigation(context, null, "login");

public void beforePhase(PhaseEvent event)
//Do nothing

public PhaseId getPhaseId()
return PhaseId.RESTORE_VIEW;

private boolean userExists(FacesContext context) {
ExternalContext extContext = context.getExternalContext();
return (extContext.getSessionMap().containsKey("user"));

private boolean requestingSecureView(FacesContext context) {
ExternalContext extContext = context.getExternalContext();
String path = extContext.getRequestPathInfo();
return (!"/index.xhtml".equals(path));


<faces-config version="2.1"



Thank you for your response.
adam bilyone

Joined: Aug 14, 2011
Posts: 16
I solved the problem using
instead of using navigation handler.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17282

Or, you could have skipped all the trouble by using the J2EE container security system that comes with every J2EE server and requires no coding/debugging/maintenance at all.

And, unlike a JSF PhaseListener, it will guard non-JSF resources such as ordinary (non-JSF) servlets and JSPs, as well as the CSS, JavaScript, and other such resources.

An IDE is no substitute for an Intelligent Developer.
I agree. Here's the link:
subject: JSF PhaseListener
It's not a secret anymore!