Check if session exists JSF

by

If someone writes a URL and tries to jump the login page, how can I check that and redirect him to the login page?

You seem to using homegrown authentication. In that case, you need to implement a servlet filter. JSF stores session scoped managed beans as attributes of HttpSession, so you could just check on that in doFilter() method:

HttpServletRequest req = (HttpServletRequest) request;
UserManager userManager = (UserManager) req.getSession().getAttribute("userManager");

if (userManager != null && userManager.isLoggedIn()) {
    chain.doFilter(request, response);
} else {
    HttpServletResponse res = (HttpServletResponse) response;
    res.sendRedirect(req.getContextPath() + "/login.xhtml");
}

Map this filter on an URL pattern covering the secured pages, e.g. /app/*.

When I return and try to interact with the form it sends a message alerting me the session expiration. How can I redirect again to the login form when this occurs?

I understand that this concerns Ajax requests? For normal requests you could have used an <error-page> in web.xml. If setting the state saving method to client in web.xml as follows

<context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
</context-param>

is not an option, then you need to implement a custom ExceptionHandler:

public class ViewExpiredExceptionHandler extends ExceptionHandlerWrapper {

    private ExceptionHandler wrapped;

    public ViewExpiredExceptionHandler(ExceptionHandler wrapped) {
        this.wrapped = wrapped;
    }

    @Override
    public void handle() throws FacesException {
        FacesContext facesContext = FacesContext.getCurrentInstance();

        for (Iterator<ExceptionQueuedEvent> iter = getUnhandledExceptionQueuedEvents().iterator(); iter.hasNext();) {
            Throwable exception = iter.next().getContext().getException();

            if (exception instanceof ViewExpiredException) {
                facesContext.getApplication().getNavigationHandler().handleNavigation(facesContext, null, "viewexpired");
                facesContext.renderResponse();
                iter.remove();
            }
        }

        getWrapped().handle();
    }

    @Override
    public ExceptionHandler getWrapped() {
        return wrapped;
    }

}

(note that this particular example navigates to viewexpired, so it expects a /viewexpired.xhtml as error page)

The above needs to be baked by the following ExceptionHandlerFactory implementation:

public class ViewExpiredExceptionHandlerFactory extends ExceptionHandlerFactory {

    private ExceptionHandlerFactory parent;

    public ViewExpiredExceptionHandlerFactory(ExceptionHandlerFactory parent) {
        this.parent = parent;
    }

    @Override
    public ExceptionHandler getExceptionHandler() {
        return new ViewExpiredExceptionHandler(parent.getExceptionHandler());
    }

}

which in turn needs to be registered in faces-config.xml as follows:

<factory>
    <exception-handler-factory>com.example.ViewExpiredExceptionHandlerFactory</exception-handler-factory>
</factory>

More Related Contents:

  1. javax.faces.application.ViewExpiredException: View could not be restored
  2. Localization in JSF, how to remember selected locale per session instead of per request/view
  3. Adding causes java.lang.IllegalStateException: Cannot create a session after the response has been committed
  4. How to invalidate session in JSF 2.0?
  5. com.sun.faces.numberOfViewsInSession vs com.sun.faces.numberOfLogicalViews
  6. How to handle session expiration and ViewExpiredException in JSF 2?
  7. Get Request and Session Parameters and Attributes from JSF pages
  8. How to provide a file download from a JSF backing bean?
  9. When should I use h:outputLink instead of h:commandLink?
  10. How to dynamically add JSF components
  11. Component to inject and interpret String with HTML code into JSF page
  12. Retaining GET request query string parameters on JSF form submit
  13. How to use enum values in f:selectItem(s)
  14. Can I update a JSF component from a JSF backing bean method?
  15. Difference between View and Request scope in managed beans
  16. How can I set id of a component/tag inside ui:repeat
  17. How to create a custom Facelets tag?
  18. How to invalidate an user session when he logs twice with the same credentials
  19. How to skip validation when a specific button is clicked?
  20. JSF 2 and Post/Redirect/Get?
  21. JSF + PrimeFaces: `update` attribute does not update component
  22. Is it possible to disable f:event type=”preRenderView” listener on postback?
  23. Prevent suffix from being added to resources when page loads
  24. Bookmarkability via View Parameters feature
  25. Why is the getter called so many times by the rendered attribute?
  26. Classic ASP: Multiple ASPSESSIONID in cookies
  27. Are @ManagedBeans obsolete in JavaEE6 because of @Named in CDI/Weld?
  28. How to pass parameter to f:ajax in h:inputText? f:param does not work
  29. c:forEach inside primefaces(e.g. p:panelgrid) inside ui:repeat
  30. how to share a jsf error page between multiple wars

Leave a Comment