G
gbattine
Hi guys,
i'm a problem and i don't find a solution from 10 days....please help
me.
I have to give access security to my jsf application because each page
shows private information. I have a login page and a visit bean that
store the session's information,like current user and current locale.
I've developed a filter that when a page is loaded try to retrieve user
from Visit Object,if it's not found go to login page.
What's my problem?
When i try to open from my browser a page different from Login my
application shows me the page,without addressing me to Login Page.
When i go to
http://localhost:8080/MicroArray/pages/protected/Menu.jsf
i see the page Menu while i want LOGIN!
Can you help me?
I post you the important code.
This is the important code of mu AuthenticationBean
User newUser=new User(loginName,password,teamName,tipo);
Visit visit = new Visit();
visit.setUser(newUser);
visit.setAuthenticationBean(this);
setVisit(visit);
FacesContext facesContext = getFacesContext();
getApplication().createValueBinding("#{sessionScope.visit}").setValue(facesContext,
visit);
this is my Visit Object
package giu;
import javax.faces.context.FacesContext;
import java.util.Locale;
import javax.faces.model.SelectItem;
import javax.faces.application.Application;
import java.util.*;
import java.io.Serializable;
public class Visit implements Serializable
{
/**
*
*/
private static final long serialVersionUID = 1;
private User user;
private AuthenticationBean authenticationBean;
public Visit()
{
}
public User getUser()
{
return user;
}
public void setUser(User user)
{
this.user = user;
}
public AuthenticationBean getAuthenticationBean()
{
return authenticationBean;
}
public void setAuthenticationBean(AuthenticationBean
authenticationBean)
{
this.authenticationBean = authenticationBean;
}
and this is my filter
package giu;
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
public class AuthorizationFilter implements Filter
{
FilterConfig config = null;
ServletContext servletContext = null;
public AuthorizationFilter()
{
}
public void init(FilterConfig filterConfig) throws ServletException
{
config = filterConfig;
servletContext = config.getServletContext();
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException,
ServletException
{
Utils.log(servletContext, "Inside the filter");
HttpServletRequest httpRequest = (HttpServletRequest)request;
HttpServletResponse httpResponse = (HttpServletResponse)response;
HttpSession session = httpRequest.getSession();
String requestPath = httpRequest.getPathInfo();
Visit visit = (Visit)session.getAttribute("visit");
if (visit == null)
{
session.setAttribute("originalTreeId", httpRequest.getPathInfo());
Utils.log(servletContext, "redirecting to " +
httpRequest.getContextPath() +
"/faces/index.jsp");
httpResponse.sendRedirect(httpRequest.getContextPath() +
"/faces/index.jsp");
}
else
{
session.removeAttribute("originalTreeId");
String role = visit.getUser().getRole();
/*
if ((role.equals("utente") && requestPath.indexOf("protected") >
0))
{
String text = Utils.getDisplayString("ptrackResources",
"PathNotFound",
new Object[] { requestPath },
request.getLocale());
httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND,
text);
}
else*/
{
chain.doFilter(request, response);
}
}
Utils.log(servletContext, "Exiting the filter");
}
public void destroy()
{
}
}
index.jsp addresses to /pages/protected/Login.jsf...
with its declaration in web.xml
<filter>
<filter-name>AuthorizationFilter</filter-name>
<filter-class>giu.AuthorizationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthorizationFilter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthorizationFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
Please help me.....
i'm a problem and i don't find a solution from 10 days....please help
me.
I have to give access security to my jsf application because each page
shows private information. I have a login page and a visit bean that
store the session's information,like current user and current locale.
I've developed a filter that when a page is loaded try to retrieve user
from Visit Object,if it's not found go to login page.
What's my problem?
When i try to open from my browser a page different from Login my
application shows me the page,without addressing me to Login Page.
When i go to
http://localhost:8080/MicroArray/pages/protected/Menu.jsf
i see the page Menu while i want LOGIN!
Can you help me?
I post you the important code.
This is the important code of mu AuthenticationBean
User newUser=new User(loginName,password,teamName,tipo);
Visit visit = new Visit();
visit.setUser(newUser);
visit.setAuthenticationBean(this);
setVisit(visit);
FacesContext facesContext = getFacesContext();
getApplication().createValueBinding("#{sessionScope.visit}").setValue(facesContext,
visit);
this is my Visit Object
package giu;
import javax.faces.context.FacesContext;
import java.util.Locale;
import javax.faces.model.SelectItem;
import javax.faces.application.Application;
import java.util.*;
import java.io.Serializable;
public class Visit implements Serializable
{
/**
*
*/
private static final long serialVersionUID = 1;
private User user;
private AuthenticationBean authenticationBean;
public Visit()
{
}
public User getUser()
{
return user;
}
public void setUser(User user)
{
this.user = user;
}
public AuthenticationBean getAuthenticationBean()
{
return authenticationBean;
}
public void setAuthenticationBean(AuthenticationBean
authenticationBean)
{
this.authenticationBean = authenticationBean;
}
and this is my filter
package giu;
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
public class AuthorizationFilter implements Filter
{
FilterConfig config = null;
ServletContext servletContext = null;
public AuthorizationFilter()
{
}
public void init(FilterConfig filterConfig) throws ServletException
{
config = filterConfig;
servletContext = config.getServletContext();
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException,
ServletException
{
Utils.log(servletContext, "Inside the filter");
HttpServletRequest httpRequest = (HttpServletRequest)request;
HttpServletResponse httpResponse = (HttpServletResponse)response;
HttpSession session = httpRequest.getSession();
String requestPath = httpRequest.getPathInfo();
Visit visit = (Visit)session.getAttribute("visit");
if (visit == null)
{
session.setAttribute("originalTreeId", httpRequest.getPathInfo());
Utils.log(servletContext, "redirecting to " +
httpRequest.getContextPath() +
"/faces/index.jsp");
httpResponse.sendRedirect(httpRequest.getContextPath() +
"/faces/index.jsp");
}
else
{
session.removeAttribute("originalTreeId");
String role = visit.getUser().getRole();
/*
if ((role.equals("utente") && requestPath.indexOf("protected") >
0))
{
String text = Utils.getDisplayString("ptrackResources",
"PathNotFound",
new Object[] { requestPath },
request.getLocale());
httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND,
text);
}
else*/
{
chain.doFilter(request, response);
}
}
Utils.log(servletContext, "Exiting the filter");
}
public void destroy()
{
}
}
index.jsp addresses to /pages/protected/Login.jsf...
with its declaration in web.xml
<filter>
<filter-name>AuthorizationFilter</filter-name>
<filter-class>giu.AuthorizationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthorizationFilter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthorizationFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
Please help me.....