2 Replies Latest reply on Dec 22, 2006 11:15 AM by norman.richards

    session handling of users

    ask4saif

      Greetings to all:

      I am making an application with jboss-seam, and I have a problem with session handling of users.

      I am using a stateful session bean which is authenticating users from the db. This bean has two fields in it, username and password. On authentication I destroy the password and use the username for session tracking on JSF pages. In JSF pages I use JSTL tags to verify whether the user is logged in or not.

      Now my problems are:

      How can I restrict users from unauthorized access of pages?

      How can I redirect users to the login page if their username does not exist in the session?

      How can I check if the form is submitted illegally?

      And lastly, am I following the right approach, or is there a better way to do this in Seam?

      I congratulate Gavin King on his great work and thank you all in advance.

        • 1. Re: session handling of users

           

          "ask4saif" wrote:

          How can I restrict users from unauthorized access of pages?


          Probably use a servlet filter for your web application. The filter intercepts all requests to the URLs it is mapped to. If you place something in the session context when a login is successful, the filter can check for the lack of this in the session and block access.

          Seam has a finer control mechanism for doing this via a custom interceptor if you only want to apply security to certain pages. See the docs.

          "ask4saif" wrote:

          How can I redirect users to the login page if their username does not exist in the session?


          Use a RequestDispatcher in the filter described above to forward the request to the login page.

          "ask4saif" wrote:

          How can I check if the form is submitted illegally?


          Not sure what you mean by "submitted illegally"
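
The filter approach described in the reply above, as an added example that is not part of the original thread or of Seam itself. The attribute name `username`, the login path `/login.jsf` and the class name `LoginFilter` are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Denies by default: a request passes only with a logged-in marker in the session. */
public class LoginFilter implements Filter {
    // Assumed names for this example; use whatever the login code stores and serves.
    private static final String USER_ATTR = "username";
    private static final String LOGIN_PAGE = "/login.jsf";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // Path relative to the application, so the check works under any context root.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        // Drop path parameters such as ";jsessionid=..." added by URL rewriting.
        int semi = path.indexOf(';');
        if (semi >= 0) {
            path = path.substring(0, semi);
        }

        // getSession(false): never create a session for an anonymous request.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;

        // The login page itself must stay reachable, otherwise nobody can log in.
        if (loggedIn || path.equals(LOGIN_PAGE)) {
            chain.doFilter(req, res);
            return;
        }
        // Anything else is forwarded to the login page instead of the requested resource.
        request.getRequestDispatcher(LOGIN_PAGE).forward(req, res);
    }
}
```

The filter is registered in `web.xml` with a `<filter-mapping>` for the URL pattern to protect; stylesheets and images used by the login page need to sit outside that pattern or be added to the allowed paths.
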

          • 2. Re: session handling of users

            If you can't wait for the Seam security stuff, have a look at the Seam DVD Store app. I think it does a good job of showing how to accomplish programmatic access control. It uses page actions in pages.xml to accomplish this.