You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by GroovieMan <ch...@gmx.de> on 2008/12/01 06:54:45 UTC
[myfaces] How do i prevent, that an unautherized user side enters
the jsf-statemachine
Morning sirs,
i created a nice application with some jsp-pages,
a sort of state machine in my faces-config.xml and
a dedicated login jsp-page.
I would like to make sure, that nobody may side enter
a jsp-page, without vistiting the login.jsp with a
successful login and getting a valid session.
Putting this into a controller would be too late,
and the jsp-file looks not be the proper file.
So what and where do i have to set/change something?
Is there a good example out there ?
Thank you for your help!
Groovie
--
View this message in context: http://www.nabble.com/-myfaces--How-do-i-prevent%2C-that-an-unautherized-user-side-enters-the-jsf-statemachine-tp20766520p20766520.html
Sent from the MyFaces - Users mailing list archive at Nabble.com.
Re: [myfaces] How do i prevent, that an unautherized user side
enters the jsf-statemachine
Posted by Groovie <gr...@groovesytems.de>.
Salve
Scott O'Bryan wrote:
>
> Filter?
>
Filter ... what ?
Scott O'Bryan wrote:
>
> Sent from my iPhone
>
a real hero!
--
View this message in context: http://www.nabble.com/-myfaces--How-do-i-prevent%2C-that-an-unautherized-user-side-enters-the-jsf-statemachine-tp20766520p20768111.html
Sent from the MyFaces - Users mailing list archive at Nabble.com.
Re: [myfaces] How do i prevent, that an unautherized user side enters the jsf-statemachine
Posted by Scott O'Bryan <da...@gmail.com>.
Filter?
Sent from my iPhone
On Nov 30, 2008, at 10:54 PM, GroovieMan <ch...@gmx.de>
wrote:
>
> Morning sirs,
>
> i created a nice application with some jsp-pages,
> a sort of state machine in my faces-config.xml and
> a dedicated login jsp-page.
> I would like to make sure, that nobody may side enter
> a jsp-page, without vistiting the login.jsp with a
> successful login and getting a valid session.
>
> Putting this into a controller would be too late,
> and the jsp-file looks not be the proper file.
>
> So what and where do i have to set/change something?
> Is there a good example out there ?
>
> Thank you for your help!
> Groovie
>
>
> --
> View this message in context: http://www.nabble.com/-myfaces--How-do-i-prevent%2C-that-an-unautherized-user-side-enters-the-jsf-statemachine-tp20766520p20766520.html
> Sent from the MyFaces - Users mailing list archive at Nabble.com.
>
Re: [myfaces] How do i prevent, that an unautherized user side enters the jsf-statemachine
Posted by Volker Weber <v....@inexso.de>.
Try a (google) search for web.xml security
this is not myfaces nor jsf specific so you can use any solution you
found for javax.servlet technology
Regards,
Volker
2008/12/2 GroovieMan <ch...@gmx.de>:
>
> It would be a better help. if you will tell us, WHAT
> RAD had changed in the web.xml and stop telling
> us, what proprietary software you are using.
>
> Ya not sent this message via iPod device ?
>
>
> Nutulapati, Krishna wrote:
>>
>> You can add securrity constraints using security editor tool of RAD, in
>> web.xml. Later you can define the groups in the deployment descriptor of
>>
>
> --
> View this message in context: http://www.nabble.com/-myfaces--How-do-i-prevent%2C-that-an-unautherized-user-side-enters-the-jsf-statemachine-tp20766520p20789100.html
> Sent from the MyFaces - Users mailing list archive at Nabble.com.
>
>
--
inexso - information exchange solutions GmbH
Bismarckstraße 13 | 26122 Oldenburg
Tel.: +49 441 4082 356 |
FAX: +49 441 4082 355 | www.inexso.de
RE: [myfaces] How do i prevent, that an unautherized user side
enters the jsf-statemachine
Posted by GroovieMan <ch...@gmx.de>.
It would be a better help. if you will tell us, WHAT
RAD had changed in the web.xml and stop telling
us, what proprietary software you are using.
Ya not sent this message via iPod device ?
Nutulapati, Krishna wrote:
>
> You can add securrity constraints using security editor tool of RAD, in
> web.xml. Later you can define the groups in the deployment descriptor of
>
--
View this message in context: http://www.nabble.com/-myfaces--How-do-i-prevent%2C-that-an-unautherized-user-side-enters-the-jsf-statemachine-tp20766520p20789100.html
Sent from the MyFaces - Users mailing list archive at Nabble.com.
RE: [myfaces] How do i prevent, that an unautherized user side enters the jsf-statemachine
Posted by "Nutulapati, Krishna" <KN...@ussco.com>.
You can add securrity constraints using security editor tool of RAD, in
web.xml. Later you can define the groups in the deployment descriptor of
EAR and map the defined Roles. Later an IBM file with xmi extension will
be created automatically, based on your definition in descriptor file.
Now you EAR will be ready to deploy with security.
-----Original Message-----
From: GroovieMan [mailto:christian.groove@gmx.de]
Sent: Sunday, November 30, 2008 11:55 PM
To: users@myfaces.apache.org
Subject: [myfaces] How do i prevent, that an unautherized user side
enters the jsf-statemachine
Morning sirs,
i created a nice application with some jsp-pages, a sort of state
machine in my faces-config.xml and a dedicated login jsp-page.
I would like to make sure, that nobody may side enter a jsp-page,
without vistiting the login.jsp with a successful login and getting a
valid session.
Putting this into a controller would be too late, and the jsp-file looks
not be the proper file.
So what and where do i have to set/change something?
Is there a good example out there ?
Thank you for your help!
Groovie
--
View this message in context:
http://www.nabble.com/-myfaces--How-do-i-prevent%2C-that-an-unautherized
-user-side-enters-the-jsf-statemachine-tp20766520p20766520.html
Sent from the MyFaces - Users mailing list archive at Nabble.com.
Betr.: [myfaces] How do i prevent, that an unautherized user side enters
the jsf-statemachine
Posted by Willem Kunkels <Wi...@Koopmanint.com>.
Hi Groovy,
I had the same problem. User should not be able to enter any application
page without establishing a session first. I finally found the on-load
facility. Here's in detail what I did...
In faces-config.xml introduce a phase-listeren (this is the onload phase
listener):
<lifecycle>
<phase-listener>net.sf.jsfcomp.onload.OnLoadPhaseListener
</phase-listener>
</lifecycle>
This listener listens to page-load events.
In web.xml a section is inrtroduced which tells the OnloadPhaseListener
where to find the config file:
<!--
***** ON-LOAD*****
On load will allow you to activate a method when a page is loaded. This
method
can then produce an outcome based on which navigation can be done. Handy
if,
for example, a user navigates to a page inside a web-application
directly (you
can then re-direct to the start of the application if certain conditions
are
not met).
-->
<context-param>
<param-name>onload-config</param-name>
<param-value>/WEB-INF/on-load/onload-config.xml</param-value>
</context-param>
In the onload-config.xml there is a definiton what to do when an
application page is loaded. The checkIfLoCExists is a method in the
backing bean which returns an outcome used for navigation.
<?xml version="1.0" encoding="UTF-8"?>
<onload-config xmlns="urn:onload-config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:onload-config onload-config.xsd">
<navigation-rule>
<!-- prevent navigation to pages in the LoC application when the
user has not been to the main page (where a LoC must be
selected)
-->
<view-id>/LOC/pages/*</view-id>
<action>#{locDataPaginaServiceBean.checkIfLoCExists}</action>
<success-result>LoCExists</success-result>
</navigation-rule>
</onload-config>
The method mentioned:
/**
* Method to check whether a letter of credit exists when a page
is loaded.
* If not (or if there is no reference number in it), an outcome
is set that
* can be used to navigate to a different page (usually the main
page where
* a LoC can be selected).
*
* @return outcome to use for navigation purposes
*/
public String checkIfLoCExists() {
if (getLetterOfCredit() == null ||
getLetterOfCredit().getLocReferenceNumber() ==
null ||
getLetterOfCredit().getLocReferenceNumber().trim().length() == 0) {
return "LoCDoesNotExist";
}
return "LoCExists";
}
And, last but not least, in faces-config.xml a navigation-rule has been
defined which re-directs the outcome "LoCDoesNotExist" to the required
page (in your case a login page):
<navigation-rule>
<from-view-id>/LOC/pages/*</from-view-id>
<navigation-case>
<from-outcome>LoCDoesNotExist</from-outcome>
<to-view-id>/LOC/LetterOfCreditList.jspx</to-view-id>
<redirect />
</navigation-case>
</navigation-rule>
Of course, you also need the on-load jar in your web app (I am using
on-load-1.0.jar).
Regards,
Willem Kunkels
Java Developer
Koopman International BV
GroovieMan <ch...@gmx.de>
01-12-2008 06:54
Antwoord a.u.b. aan
"MyFaces Discussion" <us...@myfaces.apache.org>
Aan
users@myfaces.apache.org
Cc
Onderwerp
[myfaces] How do i prevent, that an unautherized user side enters the
jsf-statemachine
Morning sirs,
i created a nice application with some jsp-pages,
a sort of state machine in my faces-config.xml and
a dedicated login jsp-page.
I would like to make sure, that nobody may side enter
a jsp-page, without vistiting the login.jsp with a
successful login and getting a valid session.
Putting this into a controller would be too late,
and the jsp-file looks not be the proper file.
So what and where do i have to set/change something?
Is there a good example out there ?
Thank you for your help!
Groovie
--
View this message in context:
http://www.nabble.com/-myfaces--How-do-i-prevent%2C-that-an-unautherized-user-side-enters-the-jsf-statemachine-tp20766520p20766520.html
Sent from the MyFaces - Users mailing list archive at Nabble.com.