• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Scott Selikoff
Bartenders:
  • Piet Souris
  • Jj Roberts
  • fred rosenberger

Securing JSF pages

 
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi guys

Could enyone help with some advice on how to protect secure pages in a JSF2.0 webapp?

My basic page structure is

/pages/ - standard pages
/pages/secure - secure pages

I have implemented a Filter which uses the url-pattern "/secure/*", this Filter checks to see if the HttpSession has a value called 'isAuthenticated', if not it redirects to the login page.

My welcome-page is [http://localhost/pages/index.jsf]

This Filter works if you type in the URL manually, say:
- http://localhost/pages/secure/myaccount.jsf

The will pass into the Filter and redirects as expected, the problem comes when I use a commandLink. Even though it has this action [action="/pages/secure/myaccount.jsf"] it loads the secure page, bypassing the Filter. I believe this is because the URL still has the following:

- http://localhost/pages/index.jsf

How can I get the JSF page to go through the Filter when called from a commandLink (or similar)?

Cheers in advance

KS
 
Ranch Hand
Posts: 126
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
try with a <redirect/> in the faces-config, where you specify what the outcome for your command link action goes.


<from-outcome>your outcome</from-outcome>
<to-view-id>view</to-view-id>
<redirect/>
 
Kevin P Smith
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for that, I am using JSF2.0 so I have avoided the XML thing.

Would the same thing work if I had a class called something like NavigationController which has a method for this redirect and called that method in the commandLink?

Say


Or something.
 
Nick Potter
Ranch Hand
Posts: 126
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The redirect thingy performs an additional request to the server, so when you click the link it actually hits the server twice. I haven't touched JSF 2, so i don't know how you can achieve this.
 
pie. tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic