Home/ Questions/Q 882607
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T12:27:14+00:00

I have a dynamic web application in Java EE with JSF, Facelets, Richfaces. My

  • 0

I have a dynamic web application in Java EE with JSF, Facelets, Richfaces.
My pages are all xhtml pages.
So JSTL isn’t working in it.
For my account pages and all other private pages to be reachable, I want to test if the user got connected, so if the attribute session in HttpSession is not null. If it’s null, the user gets redirected in the welcome page.

I tried in my xhtml page : 

<jstl:if test="${sessionScope['session']==null}">
 <jstl redirect...>
</jstl:if>-->

but as it’s not jsp page it won’t work. So where am I supposed to test if the session is not null to allow the user to see his private pages ?
in a central managed bean ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The normal place for this is a Filter.

    Create a class which implementsjavax.servlet.Filter and write the following logic in the doFilter() method:

    if (((HttpServletRequest) request).getSession().getAttribute("user") == null) {
    // Not logged in, so redirect request to login page.
    ((HttpServletResponse) response).sendRedirect("/login.jsf");
} else {
    // Logged in, so just continue request.
    chain.doFilter(request, response);
}

    Map this filter in web.xml on an url-pattern of something like /private/*, /secured/*, /restricted/*, etc.

    <filter>
    <filter-name>loginFilter</filter-name>
    <filter-class>com.example.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>loginFilter</filter-name>
    <url-pattern>/private/*</url-pattern>
</filter-mapping>

    If you have the private pages in the /private folder then this filter will be invoked and handle the presence of the logged-in user in the session accordingly.

    Note that I renamed attribute name session to user since that makes much more sense. The HttpSession itself is namely already the session. It would otherise been too ambiguous and confusing for other developers checking/maintaining your code.

    • 0