Do an action at the page loading

Hi!

I want to do a check on user when I load a page, how can we do this when the page is loading?

(i use JSF pages)
Thanks you!
LVL 1
NargzulAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

serrutomCommented:
You want to check if the user is logged in?

Create a pages.xml file:

<pages login-view-id="/login/login.xhtml">
      <page view-id="/site/*" login-required="true" timeout="900000"/>
      <page view-id="/login/*">
            <navigation>
                  <rule if="#{identity.loggedIn}">
                        <redirect view-id="/site/home/home.xhtml"/>
                  </rule>
            </navigation>
      </page>
      <exception class="org.jboss.seam.security.NotLoggedInException">
            <redirect view-id="/login/login.xhtml">
                  <message>You must be logged in to perform this action</message>
            </redirect>
      </exception>
</pages>

Create a components.xml file:

<components xmlns="http://jboss.com/products/seam/components"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:bpm="http://jboss.com/products/seam/bpm"
            xmlns:web="http://jboss.com/products/seam/web"
            xmlns:security="http://jboss.com/products/seam/security">
      <security:identity authenticate-method="#{Authenticator.authenticate}"/>
</components>

Create the Authenticator bean:

@Name("Authenticator")
public class Authenticator {
   public boolean authenticate() {
      ...
   }
}
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NargzulAuthor Commented:
It seems to be what I need.

Just some questions:

-I don't understand why we need the components.xml
-The <rule if=... must be linked to the Authenticator bean I think?
-Where the <message>...</message> will be displayed on our page.

Thanks a lot for the help!
0
NargzulAuthor Commented:
I don't use seam, is it a problem? Must we register this  page.xml somewhere?

I've found this, but it's more complicated : http://jsf-comp.sourceforge.net/components/on-load/index.html
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

serrutomCommented:
If you don't user seam you can do it by adding following to your web.xml file:

      <security-constraint>
            <web-resource-collection>
                  <web-resource-name>Protected pages</web-resource-name>
                  <url-pattern>/secure/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>USER</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>
      <security-role>
            <role-name>USER</role-name>
      </security-role>

You also need to define the authentication class in your application server. In JBoss it is done by adding this to the login-config.xml file:

    <application-policy name = "other">
        <authentication>
            <login-module code="com.mycompany.LoginModule" flag="required"></login-module>
        </authentication>
    </application-policy>
0
serrutomCommented:
I think it will be better to protect a complete set of files, instead of checking the security on every page.
0
NargzulAuthor Commented:
But we can define pattern like: adminPages/* or Admin*,

I don't really want to use roles in J2EE, because I've a lot of custom actions to log, and it seems too complicate to connect the database to the role manager.

I think I will use the solution I've founded
0
serrutomCommented:
Yes you can define a pattern like: adminPages/*


      <security-constraint>
            <web-resource-collection>
                  <web-resource-name>Protected pages</web-resource-name>
                  <url-pattern>/adminPages/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>USER</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>
      <security-role>
            <role-name>USER</role-name>
      </security-role>

You can write your own login module, and use only what you want to use. If you don't have roles, add one fixed role (USER in my example) in your login module.
0
NargzulAuthor Commented:
have you more informations about how to write this kind of module? I've guest, user and admin level. Guest has only access to the login page.
0
serrutomCommented:
What type of application server are you using? JBoss, Tomcat, Resin, ...
0
NargzulAuthor Commented:
glassfish
0
serrutomCommented:
A description of the configuration:

http://blogs.sun.com/phendley/entry/creating_and_using_a_glassfish

And check out the matching package with example files:

http://blogs.sun.com/phendley/resource/loginmoduletest.zip
0
NargzulAuthor Commented:
I'm sorry, but I'm so short in times and it seems to be really complicated, I've watched exemple, but I don't understand how pieces works together, between myRealm, the logn module, what match "ProgrammaticLogin", and I'm very stressed by the time.

And I don't see how to check if we are logged on the system.

In addition, I've other things I must do at the startup(log some informations), and this system will not work for this.

And I don't want to be dependant of an application server.
0
serrutomCommented:
This is a standard way of working, and should work in all java application servers.

Depending on your platform, you can use classes to build your LoginModule on, just to make things easier and not having to implement everything.

Another info link:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java EE

From novice to tech pro — start learning today.