You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by Marius Kreis <ma...@nulldevice.org> on 2005/10/19 14:16:22 UTC
How to do custom authentication
Hello everybody.
I'm working on a solution to do a custom authentication. Does anybody
has a proposal for a nice solution differing to the following?
While googling around I found this solution from Aaron Bartell at
http://groups.yahoo.com/group/jsf-developers/message/471
He proposes to use a PhaseListener after RESTORE_VIEW, which checks a
session bean (called LoginController) and then uses the
NavigationHandler to forward the user to the login page in case he's not
logged in.
I modified his code a little bit:
public void afterPhase(PhaseEvent event)
{
FacesContext context = event.getFacesContext();
if(this.isLoggedIn(context))
{
if(context.getViewRoot().getViewId().contains("logout"))
{ // user is logged in and navigated to log out
this.logout(context);
}
}
else // user is not logged in
{
if(!context.getViewRoot().getViewId().contains("login"))
{
// user is not navigating to the login page
// thus force him to go there
NavigationHandler handler =
context.getApplication().getNavigationHandler();
handler.handleNavigation(context, "", "login");
//context.responseComplete(); ???
//context.renderResponse(); ???
}
}
}
The methods isLoggedIn(context) and logout(context) just query the
context for the session bean containing login information.
As u can imagine this code is not working properly. I get a
java.lang.IllegalStateException
at
org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:423)
Whereas it doesn't matter if I append the responseComplete() or
renderResponse() function.
My idea of the error is that the forwarding fails because there was
already sent some body text and it's too late for the http header.
But does anybody know how to get this stuff working? The solution must
work somehow - at least some people happily reported it.
- Marius