SSO Login:How to redirect to login page

I have write a SSO class for Single Sign on But i am getting one issue i am using JSF2 for my web application...here is my SSO class
public class ApplicationSSO implements SSO { public String authenticateUser(RequestContext request) { UmUsersList user = (UmUsersList) request.getSessionContext().getAttribute("USER"); return user.getUmulEmailId(); } public boolean isSessionValid(UserSession userSession, RequestContext request) { if (request.getSessionContext().getAttribute("USER") != null) { return true; } else { JSFUtils.redirectPage("../login/Login.xhtml"); return false; } } }

As you can see i have write below line

JSFUtils.redirectPage("../login/Login.xhtml");

It mean if User null it will redirect to Login page but it is not working Can any one tell me how to solve the issue i am end up with

An error has occurred.

For detailed error information, please see the HTML source code, and contact the forum Administrator.

Error while executing SSO actions: java.lang.NullPointerException

If you have written your own login manage I cannot help you. Too much would depend on how you designed it. And, for the record, user-designed login managers have a near-100% record of being insecure, whether SSO or no.

If you are using the J2EE standard container-managed security sytem, logins are handled by the web application server, not by the web application. In that case, incoming URLs are scanned against the security patterns defined in the webapp's web.xml file, and if there's a match requiring a logged-in user, the seccurity manager steps in.

The first thing that the security manager does is determine whether the user is already logged in. If so, then it proceeds to check the user's assigned security roles against the roles allowed to make that URL request. Otherwise, the original URL request is placed on hold and the container displays the login page, accepts input from it, and validates the user's credentials. If they fail, the loginfail page is displayed. Otherwise the original URL request is pulled off hold, the security roles are checked, and - if the roles are acceptable - the request gets passed to the application for it to process.

There's really no difference between SSO and non-SSO security using the container security system other than that the container is configured to use an SSO security provider, such as CAS.