• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Paul Clapham
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Liutauras Vilda
Saloon Keepers:
  • Tim Holloway
  • Carey Brown
  • Roland Mueller
  • Piet Souris
Bartenders:

Return to Login Page

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello all, my first post here so hope it's not a simple-obvious one:)

I'm currently working on a JSF web-application and we want better handle an enforced logout of the user, either by session timeout, or back-end event requiring this.

I have spent today looking at using a Servlet Filter to intercept the request and decide if the user is currently logged on, if not the forward them back to the login page. Unfortunaly I had problems with this, the forward did not seem to be working, the Filter was called, but the next JSF page was displayed! It was as if the Faces Sevlet was being called with the original request, regardless of the forward which I expected call the login page (which might be due to my lack of understanding!)

Anyhow, I had a bit more of a look (including the thread on pre-page initialisation) and wondered if I was approaching this problem in the wrong way. Should I be using a Servlet as a Filter to take the appropriate action on session timeout or if the user is not logged in, or is there a more 'JSF' way to accomplish this such as using a PhaseListener or NavigationHandler?

Any advice would be very much appreciated.

Rich.
 
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
To me servlet filter is good approach. I using servlet filter to perform authorization it is working quite well. Please post your servlet filter code.
 
Venkat Sadasivam
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My servlet filter code is:

 
Rich Smith
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,

Thank you for your reply.

My servlet codce looks much like yours, although I was getting RequestDispater from filterConfig.getServletContext().getRequestDispatcher() however if just tried getting it from the request it's still not worked for me.



My Filter is configured by the web.xml file entries, these are placed at the end of web.xml file.



Also, somthing which may or maynot be a factor is that I am using JDeveloper and ADF, and have a file called adf-faces-config.xml which only has a <skin-family> definition.

When I run my application in debug mode I can follow it through until is gets to the forward command so it should be happening, I did wonder if I was specifying the wrong page to forward to, but if I change that to anything else (e.g. "/Login.jsp") but that results in a 500 internal servlet error so I think i have it correct already?
 
Saloon Keeper
Posts: 28767
211
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I admit I'm rather prejudiced in the matter, but what about simply using the built-in J2EE standard security system (Container-based Authentication and Authorization)?

Sun designed all that stuff to work together and to minimize the amount of security-related code that the application programmer has to create and debug. And modify when the security system changes.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic