Hi Groovy,

I had the same problem. User should not be able to enter any application 
page without establishing a session first. I finally found the on-load 
facility. Here's in detail what I did...

In faces-config.xml introduce a phase-listener (this is the onload phase 
listener):

        <lifecycle>
                <phase-listener>net.sf.jsfcomp.onload.OnLoadPhaseListener</phase-listener>
        </lifecycle>

This listener listens to page-load events.

In web.xml a section is introduced which tells the OnloadPhaseListener 
where to find the config file:

<!--
  ***** ON-LOAD *****
  On load will allow you to activate a method when a page is loaded. This method
  can then produce an outcome based on which navigation can be done. Handy if,
  for example, a user navigates to a page inside a web-application directly (you
  can then re-direct to the start of the application if certain conditions are
  not met).
-->
 
        <context-param>
            <param-name>onload-config</param-name>
            <param-value>/WEB-INF/on-load/onload-config.xml</param-value>
        </context-param>
 
In the onload-config.xml there is a definition of what to do when an 
application page is loaded. The checkIfLoCExists is a method in the 
backing bean which returns an outcome used for navigation.

<?xml version="1.0" encoding="UTF-8"?>

<onload-config xmlns="urn:onload-config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:onload-config onload-config.xsd">

    <navigation-rule>
        <!--  prevent navigation to pages in the LoC application when the
              user has not been to the main page (where a LoC must be selected)
          -->
        <view-id>/LOC/pages/*</view-id>
        <action>#{locDataPaginaServiceBean.checkIfLoCExists}</action>
        <success-result>LoCExists</success-result>
    </navigation-rule>
</onload-config>

The method mentioned:

        /**
         * Method to check whether a letter of credit exists when a page is loaded.
         * If not (or if there is no reference number in it), an outcome is set that
         * can be used to navigate to a different page (usually the main page where
         * a LoC can be selected).
         *
         * @return outcome to use for navigation purposes
         */
        public String checkIfLoCExists() {
                if (getLetterOfCredit() == null ||
                        getLetterOfCredit().getLocReferenceNumber() == null ||
                        getLetterOfCredit().getLocReferenceNumber().trim().length() == 0) {
                        return "LoCDoesNotExist";
                }
                return "LoCExists";
        }

And, last but not least, in faces-config.xml a navigation-rule has been 
defined which re-directs the outcome "LoCDoesNotExist" to the required 
page (in your case a login page):

    <navigation-rule>
        <from-view-id>/LOC/pages/*</from-view-id>
        <navigation-case>
            <from-outcome>LoCDoesNotExist</from-outcome>
            <to-view-id>/LOC/LetterOfCreditList.jspx</to-view-id>
            <redirect />
        </navigation-case>
    </navigation-rule>

Of course, you also need the on-load jar in your web app (I am using 
on-load-1.0.jar).

Regards,

Willem Kunkels
Java Developer

Koopman International BV




GroovieMan <[EMAIL PROTECTED]>
01-12-2008 06:54

Please reply to: "MyFaces Discussion" <[email protected]>
To: [email protected]
Cc:
Subject: [myfaces] How do i prevent, that an unautherized user side enters the jsf-statemachine

Morning sirs,

I created a nice application with some jsp-pages,
a sort of state machine in my faces-config.xml and
a dedicated login jsp-page. 
I would like to make sure that nobody may side enter
a jsp-page without visiting the login.jsp with a 
successful login and getting a valid session.

Putting this into a controller would be too late,
and the jsp-file does not look to be the proper file.

So what and where do I have to set/change something?
Is there a good example out there?

Thank you for your help!
Groovie


-- 
View this message in context: 
http://www.nabble.com/-myfaces--How-do-i-prevent%2C-that-an-unautherized-user-side-enters-the-jsf-statemachine-tp20766520p20766520.html

Sent from the MyFaces - Users mailing list archive at Nabble.com.
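
The same page-load check written directly against the standard JSF 1.2 API, as an added example that is not part of the original thread and is not the on-load library's code. The class name LocGuardPhaseListener is hypothetical; the view-id prefix, EL expression and outcomes are the ones from the configuration above, and the listener assumes it is registered in faces-config.xml like the phase listener shown earlier.

```java
import javax.el.ELContext;
import javax.el.MethodExpression;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;

/** Hypothetical guard: runs the thread's check after RESTORE_VIEW on every request. */
public class LocGuardPhaseListener implements PhaseListener {
    private static final long serialVersionUID = 1L;

    // Values taken from the onload-config.xml and faces-config.xml in the thread.
    private static final String PROTECTED_PREFIX = "/LOC/pages/";
    private static final String CHECK_EXPR = "#{locDataPaginaServiceBean.checkIfLoCExists}";
    private static final String SUCCESS_OUTCOME = "LoCExists";
    private static final String FAILURE_OUTCOME = "LoCDoesNotExist";

    public PhaseId getPhaseId() {
        return PhaseId.RESTORE_VIEW; // fires for initial requests and postbacks alike
    }

    public void beforePhase(PhaseEvent event) {
        // Nothing to do: the view id is only known once the view has been restored.
    }

    public void afterPhase(PhaseEvent event) {
        FacesContext ctx = event.getFacesContext();
        if (ctx.getViewRoot() == null) return; // no view was restored or created
        String viewId = ctx.getViewRoot().getViewId();
        if (viewId == null || !viewId.startsWith(PROTECTED_PREFIX)) {
            return; // not one of the guarded pages
        }
        ELContext el = ctx.getELContext();
        MethodExpression check = ctx.getApplication().getExpressionFactory()
                .createMethodExpression(el, CHECK_EXPR, String.class, new Class[0]);
        String outcome;
        try {
            outcome = (String) check.invoke(el, new Object[0]);
        } catch (RuntimeException e) {
            outcome = null; // bean missing or check threw: treat as "not allowed"
        }
        if (!SUCCESS_OUTCOME.equals(outcome)) {
            // Fail closed: anything but the success outcome is sent through the
            // faces-config.xml navigation rule, which redirects to the list page.
            ctx.getApplication().getNavigationHandler().handleNavigation(ctx, null, FAILURE_OUTCOME);
        }
    }
}
```

A phase listener only sees requests that are handled by the FacesServlet, so a resource requested through any other URL mapping is not covered by this check.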

