dovob

How to restrict access to JSF pages that are not login

I have implemented a simple login in JSF. I am supposed to see the restricted pages after I log in. However, I can also access the restricted pages without going through the login process. How do I lock direct access to these restricted pages so that they can only be reached after the login process?
I need to implement this in JSF for my school project.

What are my options to implement this?
mrcoffee365

If you are not using the login controls available from your servlet engine (e.g., Tomcat has security constraints which can be built in) then you have to implement the login security yourself.

You can check in the page whether the user has logged in, and if they have not, redirect them to the login page.
dovob

ASKER

How can I check in JSF if the user is logged in?
ASKER CERTIFIED SOLUTION
mrcoffee365

This solution is only available to members.
dovob

ASKER

Thanks for your patience. I have some knowledge of servlets and JSP but I am pretty new to the concept of JSF.

I would like to find out if there is a more sophisticated way of defining this in JSF without implementing the whole chunk of code on this page?

Is there anything I can include in faces-config.xml?
SOLUTION
This solution is only available to members.
dovob

ASKER

I have tried them but none of them have the function of restricting access to restricted pages and logging out.

This example:
http://amateras.sourceforge.jp/docs/FacesIDE/SampleJSFApp.html

specifically restricts access to index.jsp with the login.  What didn't work for you?
dovob

ASKER

I would like to restrict access to the successful.jsp in the example from
http://amateras.sourceforge.jp/docs/FacesIDE/SampleJSFApp.html

Users who are not logged in cannot access the successful.jsp page directly from the URL
http://localhost:8080/login/success.jsp
instead they have to go through the normal login process from
http://localhost:8080/login/login.jsp
in order to reach the successful page.
How do I implement such a restriction of the successful.jsp page? That's my question.
What does your web.xml look like?  Did you follow the directions at the bottom of the page, which explains what to change?
The answers were correct, so I think points should be awarded.
Okay.   I was the only one who answered, and my answers were correct.  They would also be useful to others using JSF (as beginners, as in this case).  So any of my answers, from the first through the 4th above, could be marked as the accepted answer.
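
The check-and-redirect approach from the first answer, written as a servlet filter for the login.jsp and success.jsp pages named in the thread. This is an added example, not code from the thread or from the linked sample application; the class name `LoginFilter` and the session key `authenticatedUser` are assumptions, and the login bean is assumed to set that key after a successful login.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Added example: rejects direct requests to protected pages unless the
 * session carries a login marker. Map it in web.xml to the protected URL
 * patterns only, never to the login page itself (that would loop).
 */
public class LoginFilter implements Filter {

    // Assumption: the login bean stores the user under this key on success.
    static final String USER_KEY = "authenticatedUser";
    // Login page named in the thread, relative to the context path (/login).
    static final String LOGIN_PAGE = "/login.jsp";

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): do not create a session for anonymous visitors.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_KEY) != null;

        if (!loggedIn) {
            // Fail closed: nothing from the protected page is rendered.
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }

        // Keep browsers and proxies from re-serving the page after logout.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```

The filter mapping has to cover every URL that reaches the protected page, both the raw `.jsp` path and the Faces servlet mapping. Logging out should call `session.invalidate()` so the marker checked here is gone.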