2. Re: best practice advice needed: checking for user session
pmuir May 10, 2006 7:01 AM (in response to kh2ouija)
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=74300
Is a general discussion on implementing security using JAAS and servlet security - if you follow the example posted by Louis you can easily secure a directory of pages. If the user isn't logged in they get transparently redirected to the login page and from there to the page they originally requested.
3. Re: best practice advice needed: checking for user session
gavin.king May 10, 2006 10:51 AM (in response to kh2ouija)
You could continue using a servlet filter.
Or you can use a Seam page action mapped to view-id="*".
4. Re: best practice advice needed: checking for user session
jw_ht May 10, 2006 12:50 PM (in response to kh2ouija)
You can extend SeamExtendedManagedPersistencePhaseListener or SeamPhaseListener, depending on which one you are using.
You can do something like this:
    if (event.getPhaseId() == PhaseId.RENDER_RESPONSE)
    {
        // Session-scoped marker that the login code is expected to set
        boolean isLoggedIn = Contexts.getSessionContext().get("loggedInUser") != null;
        if (!isLoggedIn)
        {
            // Not logged in: render the login page instead of the requested view
            FacesContext fc = event.getFacesContext();
            ViewHandler vh = fc.getApplication().getViewHandler();
            UIViewRoot newRoot = vh.createView(fc, LOGIN_PAGE);
            fc.setViewRoot(newRoot);
        }
        else
        {
            // verify authorization
            // check permission here, set isValidPermission
            boolean isValidPermission = false;
            if (!isValidPermission)
            {
                // Logged in but not permitted: render the error page instead
                FacesContext fc = event.getFacesContext();
                ViewHandler vh = fc.getApplication().getViewHandler();
                UIViewRoot newRoot = vh.createView(fc, AUTHORIZATION_ERROR_PAGE);
                fc.setViewRoot(newRoot);
            }
        }
    }
5. Re: best practice advice needed: checking for user session
kh2ouija May 11, 2006 10:09 AM (in response to kh2ouija)
Thanks for all your replies.
Well, I tried the servlet filter approach. It goes something like this:
    if (Contexts.getSessionContext().get(TOKEN_AUTHENTICATED) != null) {
        chain.doFilter(req, res);
    } else {
        ((HttpServletResponse) res).sendRedirect(LOGIN);
    }
Problem is, Contexts.getSessionContext() always returns null. How do I access the Seam contexts from a filter? I've searched the forums and haven't found any satisfactory answer.
6. Re: best practice advice needed: checking for user session
gavin.king May 11, 2006 11:52 AM (in response to kh2ouija)
You can't access Seam contexts from a servlet filter. However, I have an issue JBSEAM-138 that I plan to address which would let you set session variables from the filter.
7. Re: best practice advice needed: checking for user session
kh2ouija May 11, 2006 2:54 PM (in response to kh2ouija)
I used a page action after all. It's basically the same as using a filter, but it feels more "integrated" with the rest of the application (and it works). Thanks all.
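
For the servlet filter route from posts 5 and 6, an added example (not code from any poster in this thread): because Seam contexts are unavailable in a filter, it reads a login marker straight from the HttpSession. The class name, attribute names, LOGIN_PATH, the *.jsf mapping and the assumption that the login code itself calls session.setAttribute are all hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionCheckFilter implements Filter {
    // Hypothetical names; the login code is assumed to call
    // session.setAttribute(AUTH_ATTR, user) on the plain HttpSession.
    static final String AUTH_ATTR = "loggedInUser";
    static final String RETURN_TO_ATTR = "returnTo";
    static final String LOGIN_PATH = "/login.jsf"; // assumes *.jsf extension mapping

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): the check itself must not create a session.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(AUTH_ATTR) != null;
        // Exempt the login page, or a filter mapped to /* redirects forever.
        boolean isLoginPage = LOGIN_PATH.equals(request.getServletPath());

        if (loggedIn || isLoginPage) {
            chain.doFilter(req, res);
            return;
        }
        // Keep the requested page server-side, not in a query parameter the
        // client could point at another site. Only GETs can be replayed safely.
        if ("GET".equals(request.getMethod())) {
            String target = request.getServletPath();
            if (request.getQueryString() != null) {
                target += "?" + request.getQueryString();
            }
            request.getSession(true).setAttribute(RETURN_TO_ATTR, target);
        }
        response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + LOGIN_PATH));
    }
}
```

After a successful login, the login code would read RETURN_TO_ATTR, remove it from the session and redirect there. Mapping the filter in web.xml to the protected directory only keeps static resources and public pages out of the check.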