• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

JSF redirect a logged out user

 
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I am following this post http://aquaryus.wordpress.com/2012/03/29/jsf-login-logout-methods-session-timeouts-page-jumping-issues-facelets/
to redirect user to "login.xhtml" if the user is not logged in.
So far I have 4 pages
  • index.xhtml
  • register.xhtml
  • login.xhtml
  • welcome.xhtml

  • If user tries to go to welcome page, without authentication, he shall be redirected to login page,
    but when I run the application, only login.xhtml page is accessible without authentication.
    After logging in all the pages are accessible.
    I want only welcome.xhtml page to be accessed after authentication.

    My Code:


    Thanks
     
    Ranch Hand
    Posts: 859
    IBM DB2 Chrome Java
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    It looks like you have to "deauthorize" register and login? but why?
    Simply check if the user is logged in via some filter and redirect them back to where they came from.

    WP
     
    malik ge
    Ranch Hand
    Posts: 69
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    I am creating small application for testing.
    The reason for "deauthorizing" register.xhtml page is that, first the user can register themselves, then they can login.

    Simply check if the user is logged in via some filter and redirect them back to where they came from.


    Can you please explain a little more how can I do that?
     
    Saloon Keeper
    Posts: 27752
    196
    Android Eclipse IDE Tomcat Server Redhat Java Linux
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    One of the reasons why I recommend using the J2EE standard security system is because you don't have to do convoluted things like this when you use it. Although the main reason is because, as I've said too many times, it's because I've never run into a user-designed security system that was actually secure. And in your specific case, ANY request from a logger-out user to a secured URL would automatically redirect to a login without a single line of Java code required.

    I would not use JSF for this kind of task, in any event. It would at best only be secure in cases where each and every submitted URL with security implications was a JSF URL, and that's rarely the case for me. Requests to servlets to create reports, requests to JSPs to create XML files, stuff like that would not go through JSF and therefore would not go through a phase listener. A servletlistener is a better place to put stuff like this.
    reply
      Bookmark Topic Watch Topic
    • New Topic