?
Solved

How to restrict access to JSF pages that are not login

Posted on 2008-11-11
14
Medium Priority
?
3,208 Views
Last Modified: 2013-11-24
I have implemented a simple login on a JSF. I am suppose to see a restricted pages after I login. However, I can also access the restricted page without going through the login process. How do I lock direct access to these restricted pages so that they can only be reached after a login process.
 I need to implement this in JSF for my school project.

What are my options to implemnt this?
0
Comment
Question by:dovob
  • 7
  • 4
11 Comments
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 22934590
If you are not using the login controls available from your servlet engine (e.g., Tomcat has security contraints which can be built in) then you have to implement the login security yourself.

You can check in the page whether the user has logged in, and if they have not, redirect them to the login page.
0
 

Author Comment

by:dovob
ID: 22935341
How can I check if the user is login in JSF?
0
 
LVL 27

Accepted Solution

by:
mrcoffee365 earned 2000 total points
ID: 22936120
In your simple login in JSF, write a value to the user session which indicates that your user is logged in.  Then check that value on every page which you are protecting with login.  For example:

After successful login:

session.setAttribute("loggedIn", "true");

Check on protected pages:

String checkLogin = (String) session.getAttribute("loggedIn");
if( "true".equalsIgnoreCase(checkLogin) ) {
  // okay
}
else {
  response.sendRedirect("/myloginpage.jsp");
}
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:dovob
ID: 22936290
Thanks for your patience. I have some knowledge on servlet and JSP but I am pretty new to the concept of JSF.

I would like to find out if there is a more sophisticated way of defining this in JSF without implementing the whole chunk of code on this page?

Is there anything I can include in face-config.xml?
0
 
LVL 27

Assisted Solution

by:mrcoffee365
mrcoffee365 earned 2000 total points
ID: 22936941
0
 

Author Comment

by:dovob
ID: 22937525
I have tried them but none of them have the function of restricting access to restricted pages and logging out.

0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 22942056
This example:
http://amateras.sourceforge.jp/docs/FacesIDE/SampleJSFApp.html

specifically restricts access to index.jsp with the login.  What didn't work for you?
0
 

Author Comment

by:dovob
ID: 22946458
I would like to restrict access to the successful.jsp in the example from
http://amateras.sourceforge.jp/docs/FacesIDE/SampleJSFApp.html

User who are not login cannot access the successful.jsp page directly from the url
http://localhost:8080/login/success.jsp
instead they have to go through the normal login process from
http://localhost:8080/login/login.jsp
in order to reach the successful page.
How do I implement such a restriction of the successfl.jsp page. That's my question.
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 22951503
What does your web.xml look like?  Did you follow the directions at the bottom of the page, which explains what to change?
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 24728600
The answers were correct, so I think points should be awarded.
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 24735597
Okay.   I was the only one who answered, and my answers were correct.  They would also be useful to others using JSF (as beginners, as in this case).  So any of my answers, from the first through the 4th above, could be marked as the accepted answer.  

0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
Viewers will learn about if statements in Java and their use The if statement: The condition required to create an if statement: Variations of if statements: An example using if statements:
Suggested Courses
Course of the Month13 days, 10 hours left to enroll

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question