Hello,
I'm trying to make an application with authentication with MyFaces.
First of all I created a Filter to check if the logged user had access
to the requested url, something like this:
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
String contextPath = ((HttpServletRequest)req).getContextPath();
String requestUri = ((HttpServletRequest)req).getRequestURI();
if (this.authorize((HttpServletRequest)req)) {
((HttpServletRequest)req).getRequestDispatcher(LOGIN_PAGE_URI).forward(req,
res);
}
else {
chain.doFilter(req, res);
}
The authorize method determines if the logged user (if any) has
permissions to access the url.
The problem is that the requested URL, with MyFaces is not the real
requested url. That is:
If I have page1.jsp and page2.jsf, and in page1 I put a commandLink that
points to page2, the url when the user clicks the link isn't page2, but
page1. So, the filter strategy doesn't work.
Right now I'm trying to achieve this using PhaseListeners. I've
implemented a PhaseListener, and I retrieve the RootView Id:
FacesContext fc = event.getFacesContext();
//The view Id: fc.getViewRoot().getViewId()
I thought this way I could access to the real requested URL. I've tried
it using the listener at phases "restore view" and "render response",
but I still get an invalid url.
Does anybody have any suggestion on this?
Thanks,
Marcos
