Link to home
Create AccountLog in
Avatar of dovob
dovob

asked on

How to restrict access to JSF pages that are not login

I have implemented a simple login on a JSF. I am suppose to see a restricted pages after I login. However, I can also access the restricted page without going through the login process. How do I lock direct access to these restricted pages so that they can only be reached after a login process.
 I need to implement this in JSF for my school project.

What are my options to implemnt this?
Avatar of mrcoffee365
mrcoffee365
Flag of United States of America image

If you are not using the login controls available from your servlet engine (e.g., Tomcat has security contraints which can be built in) then you have to implement the login security yourself.

You can check in the page whether the user has logged in, and if they have not, redirect them to the login page.
Avatar of dovob
dovob

ASKER

How can I check if the user is login in JSF?
ASKER CERTIFIED SOLUTION
Avatar of mrcoffee365
mrcoffee365
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of dovob

ASKER

Thanks for your patience. I have some knowledge on servlet and JSP but I am pretty new to the concept of JSF.

I would like to find out if there is a more sophisticated way of defining this in JSF without implementing the whole chunk of code on this page?

Is there anything I can include in face-config.xml?
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of dovob

ASKER

I have tried them but none of them have the function of restricting access to restricted pages and logging out.

This example:
http://amateras.sourceforge.jp/docs/FacesIDE/SampleJSFApp.html

specifically restricts access to index.jsp with the login.  What didn't work for you?
Avatar of dovob

ASKER

I would like to restrict access to the successful.jsp in the example from
http://amateras.sourceforge.jp/docs/FacesIDE/SampleJSFApp.html

User who are not login cannot access the successful.jsp page directly from the url
http://localhost:8080/login/success.jsp
instead they have to go through the normal login process from
http://localhost:8080/login/login.jsp
in order to reach the successful page.
How do I implement such a restriction of the successfl.jsp page. That's my question.
What does your web.xml look like?  Did you follow the directions at the bottom of the page, which explains what to change?
The answers were correct, so I think points should be awarded.
Okay.   I was the only one who answered, and my answers were correct.  They would also be useful to others using JSF (as beginners, as in this case).  So any of my answers, from the first through the 4th above, could be marked as the accepted answer.