You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by Patrick B Haggood <co...@email.com> on 2005/04/22 23:58:28 UTC
JSF problem with sessions; not strictly MyFaces
Not sure if I'm doing this correctly; but I'm about to deploy my first
JSF app. I'm testing on my internal network; if I login on machine 1,
machine 2 has access to machine 1's session (i.e. if I login as Admin on
machine 1, then goto machine 2 and login as User, the admin screen is
displayed also on machine 2).
LoginBean has username/pwd fields populated from the JSF page that
automatically instantiates the bean.
// attempt login
public void login() {
User newUser = getUserByUserPass(lbean.getLoginname(), lbean
.getLoginpass());
if (newUser == null)
setGuestUser();
else
lbean.setCurrentUser(newUser);
}
LoginBean is session managed:
<managed-bean>
<description>Login bean</description>
<managed-bean-name>LoginBean</managed-bean-name>
<managed-bean-class>
net.codezilla.trinity.service.LoginBean
</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
To make this multiuser, should I be explicitly creating a new
HTTPSession here in the login function and storing the LoginBean there?
Could this be a problem because i'm using NAT? If so, any external user
with NAT on their LAN would have the same problem, correct?
Re: JSF problem with sessions; not strictly MyFaces
Posted by Patrick B Haggood <co...@email.com>.
On Fri, 2005-04-22 at 17:58 -0400, Patrick B Haggood wrote:
> (description of shared session/multi-user problem deleted)
Figure it out, in case anyone else has this problem. I was using
getSession(true/false) incorrectly. Now my backing beans (i.e.
UserController for all userpages), when they request a pointer to the
Service layer, get one that's already initalized from the session with
the current user (and connection info to boot).
Here's the corrected login and other dependent functions:
========================
public String userLogin(){
String nextPage = null;
// loginbean contains username, id, etc used to authenticate from db
LoginBean lb = new LoginBean();
// defaultcontroller is backing bean controlling login
lb.setCurrentUser(defaultController.getAppService().login(loginname,loginpass));
if (lb.isUserLoginStatus()){
if (lb.isAdminLoginStatus()){
activeController = new AdminController();
nextPage = "adminmanager";
}
else{
activeController = new UserController();
nextPage = "usermanager";
}
// save user in session
setUserSession(lb); <<-------magic happens here
}
return nextPage;
}
private void setUserSession(LoginBean lb){
// create new session
session = (HttpSession)
FacesContext.getCurrentInstance().getExternalContext().getSession(true);
// create a new loginbean
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().put("loginbean",lb);
}
================
UserController.java extends AppController
// get list of groups to which currently logged in user is a member
public List getSelectUserGroupList() {
int currentUser =
getActiveLogin().getCurrentUser().getUserpk().intValue();
// grab a service pointer to execute this request
this.selectUserGroupList =
ListItemArrayListToSelectItem(getAppService().getUserMemberList(currentUser));
return selectUserGroupList;
}
==================
AppController.java
// do we have a service pointer? if not, init one.
public MateoConsultingService getAppService() {
if (appService ==null){
appService = new MateoConsultingService();
}
// get loginbean from session via facescontext
appService.setActiveUser(getActiveLogin().getCurrentUser());
// also get application-scoped connection pool pointer
appService.setMyConn(getActiveConnection());
// be vocal about it
System.out.println("Activity for user " +
getActiveLogin().getCurrentUser().getUserfullname());
return appService;
}
public LoginBean getActiveLogin() {
if (activeLogin == null){
activeLogin = (LoginBean)
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get("loginbean");
}
return activeLogin;
}