I'm a novice at JSF and I got a couple of questions concerning organizing user authentication there.
1) How can i redirect the registered user to a welcome page (for example welcome.xhtml)? I heard about using Filter or navigation-rule tag, but i didn't found a full-blown tutorial of how it works.
2) How can i tell the server that unauthorized users can access not only the login page but also the registration page? Is there an analog for ASP.NET web.config tag or something like this?
The solution for requirement 1) is already achieved by the solution for requirement 2). You just let the user go to that URL directly. If the user is after all not logged in, then redirect them to the register/login page. That's how it normally works.
You need to implement a Filter which listens on an url-pattern matching the secured pages. E.g. /secured/*, /protected/*, etc. In the doFilter() method you just check for the presence of the logged in User in the current session and handle accordingly. Here's a basic kickoff example:
if (((HttpServletRequest) request).getSession().getAttribute("user") == null) {
// Not logged in, redirect to login page.
response.sendRedirect("login.jsf");
} else {
// Logged in, just continue with request.
chain.doFilter(request, response);
}
To get it to work with JSF, just know the fact that JSF stores session scoped managed beans as attributes of the HttpSession with the managed bean name as key.