I am trying to do a simple login where I want to do the following ::
1 >App consists of Login.jsp , A.jsp & B.jsp
2 >If user is not logged in user should always be directed to Login.jsp
3 >User should not be able to access any JSP directly
My queries / doubts and tries from my end ::
I tried to make use of a managed bean with session scope in "faces-config.xml "
Question :: Against what attribute is it stored in the session ?
If I want to access the bean stored in HttpSession what should be the parameter against which I need to lookup ?
Is the bean available to a Non JSF component ? ( servlet - it should be since session is available ?)
Regarding preventing direct access to JSP
I dont want to use container provided security .
So please please lets not go that route
( This is too simple a use case to warrant container security )
I want to simply everytime check the HttpSession if the user bean exists on session or not !
If it does - allow user to access the jsp
If not - simply throw the user out to login screen
Will I have to use a PhaseListener ? ( clueless regarding how to use it and why to use it !
will I have to use a filter ?
I really dont know and I am a little mad at is - that this is fairly a simple thing to do and were this struts / servlets this would be done in a jiffy
with jsf this is becoming a difficult task to just simply store / retrieve data in request / session
maybe I am new / havent read enough hence the frustration - but I am beginning to wonder why jsf ?