Home/ Questions/Q 1106417
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T01:47:23+00:00

I try to create login form in web application. in JSP page I can

  • 0

I try to create login form in web application.
in JSP page I can use

<%
   String name = request.getParameter( "username" );
   session.setAttribute( "theName", name );
%>

but now I am using JSF /Facelets for web application
I don’t know how to create session in JSF Backing bean for client and check if user is logged in or not so it will redirect into login page.
who can help me give me link tutorial for these problem ?
thank you before

Now I have little problem with mapping into web.xml
code snipped of class Filter

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    this.config = filterConfig;
}

@Override
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    LoginController controller = (LoginController) req.getSession()
            .getAttribute("loginController");
    if (controller == null || !controller.isLoggedIn()) {
        res.sendRedirect("../admin/login.xhtml");
    } else {
        chain.doFilter(request, response);
    }
}

and in web.xml I map with <fitler> tag

<filter>
    <filter-name>userLoginFilter</filter-name>
    <filter-class>com.mcgraw.controller.UserLoginFilter</filter-class>
    <init-param>
        <param-name>loginPage</param-name>
        <param-value>/login.xhtml</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>userLoginFilter</filter-name>
    <url-pattern>/admin/*</url-pattern>
</filter-mapping>

I have one folder admin in web project and I check if the user is not logged in with admin permission to not access page (I can do the permission check) but when I use the filter the browser doesn’t understand url ??
no StackTrace show when the browser doesn’t understand url

Error shown on Firefox

The page isn't redirecting properly

on IE it loading … loading . .. non-stop

now I change condition which check if req.getPathInfo.startsWith(“/login.xhtml”) it will do chain

I have 2 idea but it response 500 HTTP STATUS 

 if (controller == null || !controller.isLoggedIn()) {
     res.sendRedirect("../admin/login.xhtml");
     if(req.getPathInfo().startsWith("/login.xhtml")){
     chain.doFilter(request, response);
}

} else {
     chain.doFilter(request, response);
}

===============

if (controller == null || !controller.isLoggedIn()) {
    if (!req.getPathInfo().startsWith("/login.xhtml")) {
        res.sendRedirect("../admin/login.xhtml");
    } else {
        chain.doFilter(request, response);
    }
} else {
    chain.doFilter(request, response);
}

======================
update Class loginController

package com.mcgraw.controller;

import com.DAO.UserBean;
import com.entity.IUser;
import java.io.Serializable;
import javax.ejb.EJB;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;

/**
 * @author Kency
 */
@ManagedBean
@SessionScoped
public class LoginController implements Serializable {

    @EJB
    private UserBean userBean;
    private IUser user;
    private boolean admin;
    private boolean mod;
    private PasswordService md5;

    /** Creates a new instance of LoginController */
    public LoginController() {
        user = new IUser();
        md5 = new PasswordService();
    }

    // getter / setter
    public boolean isMod() {
        return mod;
    }

    public void setMod(boolean mod) {
        this.mod = mod;
    }

    public IUser getUser() {
        return user;
    }

    public void setUser(IUser user) {
        this.user = user;
    }

    public boolean isAdmin() {
        return admin;
    }

    public void setAdmin(boolean admin) {
        this.admin = admin;
    }

    public String cplogin() {
        String md5Password = md5.md5Password(user.getPassword());
        if (userBean.userLogin(user.getUsername(), md5Password) != null) {
            if (user.getUsername() != null || md5Password != null) {
                user = userBean.userLogin(user.getUsername(), md5Password);
                if (user.getGroups().getAdmin() != null) {
                    setAdmin(user.getGroups().getAdmin());
                }
                if (user.getGroups().getMods() != null) {
                    setMod(user.getGroups().getMods());
                }
                if (isAdmin() == true || isMod() == true) {
                    return "home";
                } else {
                    return "login";
                }
            } else {
                return "login";
            }
        } else {
            return "login";
        }
    }

    public String logout() {
        user = null;
        return "login";
    }

    public boolean isLoggedIn() {
        return user != null;
    }
}

I have new problem if render JSF taglib with method loggedIn, in index page (not in admin folder) user doesn’t login can see what I render example, <== this like if user doesn’t login user can’t see but why can he see it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can in JSF get/set HTTP session attributes via ExternalContext#getSessionMap() which is basically a wrapper around HttpSession#get/setAttribute().

    @Named
@RequestScoped
public class LoginController {

    private String username;
    private String password;

    @EJB
    private UserService userService;

    public String login() {
        User user = userService.find(username, password);
        FacesContext context = FacesContext.getCurrentInstance();

        if (user == null) {
            context.addMessage(null, new FacesMessage("Unknown login, try again"));
            username = null;
            password = null;
            return null;
        } else {
            context.getExternalContext().getSessionMap().put("user", user);
            return "userhome?faces-redirect=true";
        }
    }

    public String logout() {
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        return "index?faces-redirect=true";
    }

    // ...
}

    In the Facelets page, just bind the username and password input fields to this bean and invoke login() action accordingly.

    <h:form>
    <h:inputText value="#{loginController.username}" />
    <h:inputSecret value="#{loginController.password}" />
    <h:commandButton value="login" action="#{loginController.login}" />
</h:form>

    Session attributes are directly accessible in EL. A session attribute with name user is in EL available as #{user}. When testing if the user is logged in some rendered attribute, just check if it’s empty or not.

    <h:panelGroup rendered="#{not empty user}">
    <p>Welcome, #{user.fullName}</p>
    <h:form>
        <h:commandButton value="logout" action="#{loginController.logout}" />
    </h:form>
</h:panelGroup>

    The logout action basically just trashes the session.

    As to checking an incoming request if a user is logged in or not, just create a Filter which does roughly the following in doFilter() method:

    @Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {    
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    HttpSession session = request.getSession(false);
    String loginURI = request.getContextPath() + "/login.xhtml";

    boolean loggedIn = session != null && session.getAttribute("user") != null;
    boolean loginRequest = request.getRequestURI().equals(loginURI);
    boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);

    if (loggedIn || loginRequest || resourceRequest) {
        chain.doFilter(request, response);
    } else {
        response.sendRedirect(loginURI);
    }
}

    Map it on an url-pattern covering the restricted pages, e.g. /secured/*, /app/*, etc.

    See also:

    • 0