Ken,
I can give this a try. In the login page do I need to set up something
special to show that the login is successful? Can you define the flow
and if there is anything that I need to specify/set in success and
failure cases? Please let me know and I will give it a try tomorrow.
thanks
Karam
Ken Paulsen wrote:
>
> I would have thought "initPage" would do what you're trying to do...
> however, I think you're probably doing a lot more work than you need
> to do.
>
> What you probably want to do is use the container's built-in
> authentication so your application doesn't have to worry (much) about
> it. Here's our "security" stuff from our web.xml file (this one is a
> little more involved than most... but you should be able to get the
> point):
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>noaccess</web-resource-name>
>     <url-pattern>/theme/*</url-pattern>
>     <http-method>DELETE</http-method>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>     <http-method>PUT</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>noaccess</role-name>
>   </auth-constraint>
> </security-constraint>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>protected</web-resource-name>
>     <url-pattern>*.jsf</url-pattern>
>     <url-pattern>/download/*</url-pattern>
>     <url-pattern>/resource/*</url-pattern>
>     <http-method>DELETE</http-method>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>     <http-method>PUT</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>admin</role-name>
>   </auth-constraint>
> </security-constraint>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>public</web-resource-name>
>     <url-pattern>/theme/com/sun/webui/*</url-pattern>
>     <url-pattern>/theme/META-INF/*</url-pattern>
>     <url-pattern>/resource/favicon.ico</url-pattern>
>     <url-pattern>/resource/js/*</url-pattern>
>     <url-pattern>/resource/css/*</url-pattern>
>     <url-pattern>/resource/images/*</url-pattern>
>     <http-method>GET</http-method>
>   </web-resource-collection>
> </security-constraint>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <realm-name>admin-realm</realm-name>
>   <form-login-config>
>     <form-login-page>/login.jsf</form-login-page>
>     <form-error-page>/loginError.jsf</form-error-page>
>   </form-login-config>
> </login-config>
> <security-role>
>   <role-name>admin</role-name>
> </security-role>
>
> You will need to set up a Realm in which to authenticate the user.
> Once this is done, the container will ensure all your pages that are
> secure (the ones in the "protected" group above, minus the ones
> allowed by "public" above), are not accessed by anyone that is not
> authenticated.
>
> If the above does not satisfy your requirements and you really do want
> to write code on every page... I'd suggest including that code from a
> common file (or using the ui:include mechanism that I need to get
> checked in soon -- already available for the Facelets syntax). Also I
> think that a "redirect" in an "if" from an "initPage" event should do
> the trick.
>
> Good luck!
>
> Ken
>
> Karam Singh Badesha wrote:
>> Hi,
>> I have implemented the login for my app and once successfully logged
>> in I set up a session variable. Now I have the following questions:
>>
>> - where do I put the if statements on all of the pages to check if
>> the session variable exists and have the correct value and also if
>> true load the page normally otherwise redirect to the login page? I
>> have tried putting if statements under initPage and beforeCreate
>> events but it doesn't work. What is the best way to handle this kind
>> of scenario? Is there any other way to take care of this? Any sample
>> code I can look at?
>>
>> thanks
>> Karam
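
Added example, not written by either poster and not the project's code: a small resolver for auditing which of the quoted `security-constraint` blocks governs a given request, using the Servlet specification's best-match rule (exact match, then longest path prefix, then extension) and considering only the constraints declared on the winning pattern. The names `CONSTRAINTS`, `rank` and `resolve` are hypothetical, and paths are assumed to be relative to the application's context root.

```python
# Constraints transcribed from the web.xml quoted in the thread:
# (web-resource-name, url-patterns, http-methods, roles).
# roles=None marks a constraint with no <auth-constraint> (no login needed).
ALL = {"DELETE", "GET", "POST", "PUT"}
CONSTRAINTS = [
    ("noaccess", ["/theme/*"], ALL, {"noaccess"}),
    ("protected", ["*.jsf", "/download/*", "/resource/*"], ALL, {"admin"}),
    ("public", ["/theme/com/sun/webui/*", "/theme/META-INF/*",
                "/resource/favicon.ico", "/resource/js/*",
                "/resource/css/*", "/resource/images/*"], {"GET"}, None),
]


def rank(pattern, path):
    """Match rank (higher wins) in servlet-mapping order, or None."""
    if pattern == path:
        return (3, len(pattern))  # exact match
    if pattern.endswith("/*") and (path == pattern[:-2]
                                   or path.startswith(pattern[:-1])):
        return (2, len(pattern))  # path prefix, longest wins
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)  # extension match
    return None


def resolve(method, path):
    """Return the access decision for one request path (no context path)."""
    best, hits = None, []
    for name, patterns, methods, roles in CONSTRAINTS:
        for pattern in patterns:
            r = rank(pattern, path)
            if r is None or (best is not None and r < best):
                continue
            if best is None or r > best:
                best, hits = r, []  # a better pattern replaces earlier hits
            if method in methods:
                hits.append(roles)
    if best is None:
        return "unconstrained"  # no pattern matches the path
    if not hits:
        return "uncovered"  # best pattern does not list this method
    if None in hits:
        return "public"  # a constraint without auth-constraint applies
    return "roles:" + ",".join(sorted(set().union(*hits)))


if __name__ == "__main__":
    for req in [("GET", "/index.jsf"), ("GET", "/resource/css/site.css"),
                ("POST", "/resource/css/site.css"), ("GET", "/theme/skin.css")]:
        print(*req, "->", resolve(*req))
```

A result of `uncovered` means the best-matching pattern exists but does not list the request's HTTP method, so under the specification no constraint applies to that request; listing every method on the `public` patterns (or omitting `http-method` there) is the way to close that gap when reviewing a descriptor like this one.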