I need to allow only logged-in users to most of the pages of my application. I am developing a Java Enterprise application with JSF 2. Does anyone know how I can do that? maybe
There are different ways to do that. Firstly, you can use filters to control page access, or you can use phase listeners that listen to the JSF phases.
I want to give you two examples of them:
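
    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    public class SecurityFilter implements Filter {
        FilterConfig fc;

        public void init(FilterConfig filterConfig) throws ServletException {
            fc = filterConfig;
        }

        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse resp = (HttpServletResponse) response;
            // getSession(false): do not create a session for anonymous requests
            HttpSession session = req.getSession(false);
            boolean loggedIn = session != null && session.getAttribute("user") != null;
            // Exempt only the login page itself; assumes it is served at <context>/login.xhtml
            String loginUrl = req.getContextPath() + "/login.xhtml";
            boolean loginRequest = req.getRequestURI().equals(loginUrl);
            if (!loggedIn && !loginRequest) {
                resp.sendRedirect(loginUrl);
            } else {
                chain.doFilter(request, response);
            }
        }

        public void destroy() {
        }
    }
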
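And you should add this filter to web.xml:

    <filter>
        <filter-name>SecurityFilter</filter-name>
        <filter-class>com.webapp.SecurityFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SecurityFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
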
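Phase Listener example:

    import javax.faces.application.NavigationHandler;
    import javax.faces.context.FacesContext;
    import javax.faces.event.PhaseEvent;
    import javax.faces.event.PhaseId;
    import javax.faces.event.PhaseListener;
    import javax.servlet.http.HttpSession;

    public class SecurityFilter implements PhaseListener {

        public void beforePhase(PhaseEvent event) {
        }

        // Runs after RESTORE_VIEW, once the requested view ID is known
        public void afterPhase(PhaseEvent event) {
            FacesContext fc = event.getFacesContext();
            // Exempt only the login view itself, not every view ID containing "login"
            boolean loginPage = "/login.xhtml".equals(fc.getViewRoot().getViewId());
            if (!loginPage && !isUserLogged()) {
                navigate(event, "logout");
            }
        }

        private boolean isUserLogged() {
            // Looks in the session for the "user" attribute set at login
            HttpSession session = (HttpSession) FacesContext.getCurrentInstance()
                    .getExternalContext().getSession(false);
            return session != null && session.getAttribute("user") != null;
        }

        private void navigate(PhaseEvent event, String page) {
            FacesContext fc = event.getFacesContext();
            NavigationHandler nh = fc.getApplication().getNavigationHandler();
            nh.handleNavigation(fc, null, page);
        }

        public PhaseId getPhaseId() {
            return PhaseId.RESTORE_VIEW;
        }
    }
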
So if you want to use the listener, you should add this to your faces-config.xml. Note: "logout" is a navigation rule which is defined in faces-config.

    <lifecycle>
        <phase-listener>com.myapp.SecurityFilter</phase-listener>
    </lifecycle>

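Edit: The navigation rule:

    <navigation-rule>
        <from-view-id>/*</from-view-id>
        <navigation-case>
            <from-outcome>logout</from-outcome>
            <to-view-id>/login.xhtml</to-view-id>
        </navigation-case>
    </navigation-rule>
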
You can put your user into the session in the login method like this:

    FacesContext context = FacesContext.getCurrentInstance();
    HttpSession session =
            (HttpSession) context.getExternalContext().getSession(true);
    session.setAttribute("user", loggedUser);
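
The login-page exemption in the filter, as an added example (not code from the original answer): it runs a substring test and an exact comparison over constructed request URIs and lists the anonymous requests on which the two disagree. The context path /app, the class, method and enum names, and the sample URIs are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class LoginPathCheck {
    static final String CONTEXT_PATH = "/app";                      // assumed context path
    static final String LOGIN_URL = CONTEXT_PATH + "/login.xhtml";  // login page from the answer

    enum Decision { PASS, REDIRECT_TO_LOGIN }

    // Substring policy: a request counts as "the login page" when its URI
    // contains the text login.xhtml anywhere.
    static Decision substringPolicy(String requestUri, boolean loggedIn) {
        boolean loginRequest = requestUri.contains("login.xhtml");
        return (loggedIn || loginRequest) ? Decision.PASS : Decision.REDIRECT_TO_LOGIN;
    }

    // Exact policy: only the login URL itself is exempt. Anything else,
    // including a login URL carrying a path parameter, is sent to the clean
    // login URL, so an unexpected spelling fails closed.
    static Decision exactPolicy(String requestUri, boolean loggedIn) {
        boolean loginRequest = requestUri.equals(LOGIN_URL);
        return (loggedIn || loginRequest) ? Decision.PASS : Decision.REDIRECT_TO_LOGIN;
    }

    // Returns the anonymous requests on which the two policies disagree.
    static Map<String, String> disagreements(String... requestUris) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String uri : requestUris) {
            Decision bySubstring = substringPolicy(uri, false);
            Decision byExact = exactPolicy(uri, false);
            if (bySubstring != byExact) {
                out.put(uri, "substring=" + bySubstring + ", exact=" + byExact);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed request URIs, in the form getRequestURI() returns them.
        disagreements(
            "/app/login.xhtml",
            "/app/login.xhtml;jsessionid=0A1B2C",
            "/app/admin/users.xhtml",
            "/app/admin/lastlogin.xhtml",
            "/app/reports/login.xhtml.bak"
        ).forEach((uri, d) -> System.out.println(uri + " -> " + d));
    }
}
```

Run it with `java LoginPathCheck.java`. The `;jsessionid` disagreement only costs a redirect to the clean login URL, while the other two are non-login paths that the substring test would let through without a session.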