ansaurus

Question

Answer 1

A:

Try this in your backing bean when a request is received (like in an action method):

HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
HttpSession session = request.getSession();

Then you can work with the request and session objects just like you used to with JSPs, setting attributes and so on.

You might also want to take a look at my related question about checking the client session in a servlet Filter. You could write a similar Filter to check for the user login in their HttpSession and then do a redirect (or RequestDispatch like I ended up doing) to your login page if needed.

Jim Tough 2010-10-01 17:23:04

HttpSession have method setAttribute() the same session in jSP but how can i maintain and check session in client ?

Kency 2010-10-01 17:47:47

@Kency I'm not understanding what it was you were doing before. Can you edit your question and provide some of your old code? When you say "check session in client", do you actually mean that you are checking something on the client-side using JavaScript?

Jim Tough 2010-10-01 18:14:35

@Jimtough i was find phaselistenter to check user login for JSF. My question is when user access web page via web browser jsf will check user login or not it means in jsp i write 1 page session.getAttribute("thename") and include it in header page where i want to check user login or not login. But use phaselistener will check it but now i not yet understand phaselistener work. you have tutorial link for JSF login session,if any? if you have give me link to tutorial thank you

Kency 2010-10-01 18:41:44

Answer 2

+1 A:

Create a session scoped managed bean which roughly look like this:

@ManagedBean
@SessionScoped
public class UserManager {
    private String username;
    private String password;
    private User user;

    public String login() {
        user = userDAO.find(username, password);
        if (user != null) {
            username = password = null;
            return "home";
        } else {
            setMessage("Unknown login, please retry.");
            return "login";
        }
    }

    public String logout() {
        user = null;
        return "login";
    }

    public boolean isLoggedIn() {
        return user != null;
    }

    // ...
}

In the Facelets page, just bind the username and password input fields to this bean and invoke login() action accordingly.

<h:form>
    <h:inputText value="#{userManager.username}" />
    <h:inputSecret value="#{userManager.password}" />
    <h:commandButton value="login" action="#{userManager.login}" />
</h:form>

When testing if the user is logged in, make use of the UserManager#isLoggedIn() in some rendered attribute, e.g.

<h:panelGroup rendered="#{userManager.loggedIn}">
    <p>Welcome, #{userManager.user.fullName}</p>
</h:panelGroup>

No need to fiddle with raw servlet API like that. Session scoped beans are stored as session attribtues anyway.

As to checking if an user is logged in or not, just create a Filter which does roughly the following in doFilter() method:

HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
UserManager userManager = (UserManager) req.getSession().getAttribute("userManager");
if (userManager == null || !userManager.isLoggedIn()) {
    res.sendRedirect("login.xhtml");
} else {
    chain.doFilter(request, response);
}

Map it on an url-pattern covering the restricted pages, e.g. /secured/*. Note that the managed bean name is exactly the session attribute name.

BalusC 2010-10-01 18:29:51

hi BalusC all it ok but i have little problem with map to web.xml page you can see above question i was edit, i have folder admin in web project and redirect to ../admin/login.xhtml it not work browser dont understand it

Kency 2010-10-02 16:35:56

If the login page is placed in `/admin`, then the same filter will be invoked again and it will go in an infinite redirect loop because the user isn't logged in. Either place the login page outside the `/admin` or add a condition which checks if `req.getPathInfo().startsWith("/login.xhtml")` and then just continue the chain and don't redirect.

BalusC 2010-10-02 16:46:27

once again i was edited my question with solution you suggest but i retrieve error 500 HTTP Status in glassfish server it throws Null Pointer Exception

Kency 2010-10-02 17:05:03

OK, the pathinfo is apparently `null` in your filter. Use `req.getRequestURI().endsWith("/login.xhtml")` instead.

BalusC 2010-10-02 17:14:58

You're welcome.

BalusC 2010-10-02 18:07:37

thank you for your support ! but when it redirect to login.xhtml i true but i want chang extension to login.jsf

Kency 2010-10-02 18:13:18

Just change it accordingly in the URL's in the filter.

BalusC 2010-10-02 18:15:53

oh i missing mapped `<url-pattern>*.jsf</url-pattern>` and edit in filter class, once again thank you very much

Kency 2010-10-02 18:23:25

Hi Balusc I have new Problem with it, userlogin above i use for admincp but when i access to main page( it out of admincp folder) example content/register.xhtml it redirect me to http://localhost/content/admin/login.jsf. how can i avoid redirect in page out of admincp folder, i was map in web.xml url-partern is `<url-partern>/admin/*</url-partern>` Thank you!

Kency 2010-10-16 08:33:08

Redirect to `/content/login.jsf` or `../login.jsf` instead.

BalusC 2010-10-16 12:05:24

Hi Balusc i do it but i repeat loading to login.jsf http://localhost/myproject/admin/login.jsf, in firefox i get message `The page isn't redirecting properly` , true url redirect in filter is `res.sendRedirect("../admin/login.jsf");`

Kency 2010-10-19 11:25:49

and i have problem with logout, when i logout user is null and re-login it throws Exception target null user.username. why error? Thank you

Kency 2010-10-19 11:28:02

The first error is caused because you're redirecting to the login page in an infinite loop. You have to either move the login page outside the url-pattern of the filer or check inside the filter if the currently requested page is not the login page. As to the logout, just add a `if (user != null)` check before accessing the user.

BalusC 2010-10-19 11:38:58

Thank you , i move login in other folder of admin folder and other page inside content folder. it work well Thank you

Kency 2010-10-19 13:25:46

Where do i add `if(user !=null)` ? login method or logout method? i try with logout and login but it not work

Kency 2010-10-19 17:36:53

Just there where `NullPointerException` was caused because `user` is `null`.

BalusC 2010-10-19 17:43:56

Hi BalusC i get exception `WARNING: /admin/login.xhtml @43,73 value="#{loginController.user.username}": Target Unreachable, 'null' returned null` i dont know where i can add user != null, i was updated question with code. GoodNight BalusC Thank You!

Kency 2010-10-19 19:27:07

That's not a `NullPointerException`. The `#{loginController.user}` just returned `null` and therefore it's impossible to set `#{loginController.user.username}`. You need to ensure that `#{loginController.user}` never returns null. Usually, you'd like to preinitialize nested beans during declaration or bean's construction or postconstruct like `user = new User()`. And.. in the future, please ask a new question for each independent problem :)

BalusC 2010-10-19 19:30:04

Thank you ! but i was preinitialize it in constructor and when end-user call method login, user set to null in this method user=null and user is global varialbe when user logout it set to null therefore loginController.user is null,i know it, but i dont know how to re-initial it to user = new User(); After this problem i will post each question for independent problem :) Thank You

Kency 2010-10-19 19:42:51

You'd like to approach this problem a bit differently. Instead of relying on the presence of the `User` to check if someone is logged in or not, use for example `if (user.getId() != null)`. On logout, just do `user = new User()` to prepare the login fields.

BalusC 2010-10-19 19:45:29

ansaurus

tags:

views:

answers:

JSF HTTP Session Login

related questions