4 Replies Latest reply on Feb 24, 2012 4:30 AM by aogier

How does Seam 3 handles the “redirect to capture view” feature after login?

aogier Feb 15, 2012 1:37 PM

Hi,

I've just posted my question in stackoverflow, but perhaps there is a more active community here around Seam...

Here is my use cases.

I have a login page which is /public/login.xhtml. All my other pages are required to log-in before reaching them. They are in /pages/ directory.

I want that :

If my user access to http://host/myapp/pages/* it redirects him first to the login page, and then, to the URL he has firstly entered.
If my user access to http://host/myapp/, it redirects him first to the login page, and then, to/pages/home.xhtml.
If my user access to http://host/myapp/public/login.xhtml, it redirects him first to the login page, and then, to /pages/home.xhtml.
If my user access to http://host/myapp/public/login.xhtml and is already logged in, it redirects to /pages/home.xhtml.

What is working currently?

With Seam 3 (v3.1.0.Final) and the Security + Faces module, my use case n°1 is automagically working with :

@ViewConfig
public interface PagesConfig {
    static enum Pages {
        @ViewPattern("/pages/*")
        @LoginView("/public/login.xhtml")
        @LoggedIn
        LOGGED_IN_PAGES,
    }
}

My problem is that I don't understand how Seam's working to do that redirection to the "capture view".

With Seam 2, it was easy to understand, in components.xml we had

<event type="org.jboss.seam.security.notLoggedIn">
    <action execute="#{redirect.captureCurrentView}" />
</event>
<event type="org.jboss.seam.security.loginSuccessful">
    <action execute="#{redirect.returnToCapturedView}" />
</event>

So we captured the events notLoggedIn and loginSuccessful to handle that with a redirectcomponent.

In Seam 3, I didn't found that configuration : nothing seems to @Observes LoggedInEvent, and there is no Redirect class...

The point n°2 is achieved with that /index.htm file :

<html><head>
    <meta http-equiv="Refresh" content="0; URL=pages/home.xhtml">
</head></html>

But for my point n°3, I've tried solutions which don't fully work.

First I tried that in login.xhtml :

<f:metadata>
    <s:viewAction action="#{loginAction.redirectToHome}" if="#{identity.loggedIn}" immediate="true" />
</f:metadata>

And with or without onPostback="true", after I login, I'm still in the login page with that error message (twice) : "Unable to find matching navigation case with from-view-id «/public/login.xhtml» for action «#{identity.login}» with outcome «success».". It's only if I now re-access tohttp://host/myapp/public/login.xhtml that my viewAction redirects me to the home.

I also tried that navigation-rule in faces-config.xml :

<navigation-rule>
    <from-view-id>/public/login.xhtml</from-view-id>

    <navigation-case>
        <if>#{identity.loggedIn}</if>
        <to-view-id>/pages/home.xhtml</to-view-id>
        <redirect />
    </navigation-case>
</navigation-rule>

But then, my use case n°1 was disabled : every time I logged-in, I was redirected to the home.

Finally, for my point n°4, the s:viewAction does the job.

So does somebody knows the best practices in order to correctly handle those 4 use cases (which I think are common use cases), especially the point n°3?

1. Re: How does Seam 3 handles the “redirect to capture view” feature after login?

lightguard Feb 15, 2012 5:09 PM (in response to aogier)

Hm, I'm not really sure what's going on here. We'd have to dig in a bit.
Actions
2. Re: How does Seam 3 handles the “redirect to capture view” feature after login?

bleathem Feb 15, 2012 6:06 PM (in response to aogier)

Use case No. - 1 SeamFaces stores the originally requested viewId in the user Session, then re-routes to that view after the successful login. It does this by intercepting the navigation from the Seam Security login button, and fires a PostLoginEvent with the data stored in the SessionMap.
Use case No. 2 - nice solution with the redirect! You could also do this with a @UrlMapping in your ViewConfig.
Use case No. 3 - Your viewAction solution should work, but I believe you are coming across SEAMFACES-179. There are a couple of solutions you can use:
1) In your login method, you can manipulate the seesion map stored by the Seam Faces, as demonstrated in this gist -- (this solution courtesy of Cody Lerum)
2) Use PrettyFaces to intercept the request for the login view, and rediret you if you are not logged in.
1 of 1 people found this helpful
Actions
3. Re: How does Seam 3 handles the “redirect to capture view” feature after login?

aogier Feb 20, 2012 8:22 AM (in response to bleathem)

Thank you for your reply, I'm trying to implement your 1) solution, but to do that, I must disable theLoginListener of Seam to use mine... and I don't manage to do it Here is what I'm facing now :
http://stackoverflow.com/questions/9332311/how-to-use-alternative-extending-a-concrete-class-in-a-webapp.

By the way, I've added a comment to SEAMFACES-179.
Actions

4. Re: How does Seam 3 handles the “redirect to capture view” feature after login?

aogier Feb 24, 2012 4:30 AM (in response to aogier)

(this is a copy of my reply on stackoverflow)

Finally here is what I did.

<f:metadata>
    <s:viewAction action="#{loginAction.redirectToHome}" immediate="true" />
</f:metadata>

So I removed the if="#{identity.loggedIn}" in order to call my redirectToHome method which redirects to the /pages/home.xhtml.

If the user is already authenticated, then he is redirected to the home page.
If he's not, then it is redirected to the home page, which redirects him to the login page thanks to my @ViewConfig

Here is the loginAction :

public void redirectToHome() throws IOException {
    externalContext.redirect(externalContext.encodeActionURL(externalContext.getRequestContextPath()+"/pages/home.xhtml"));
}

The problem I faced then was when I logged out.

Here is my logout action :

<h:commandLink  action="/public/login" actionListener="#{securityAction.logout()}" value="Disconnect" immediate="true" />

And the securityAction.logout() method :

public void logout() {
    identity.logout();
    if (!conversation.isTransient()) {
        conversation.end();
    }
}

The problem is that I was redirected to the login page (thanks to the @ViewConfig I think), but noPreLoginEvent were thrown, so the Seam LoginListener.observePreLoginEvent wasn't called, and so my previous URL wasn't put in session. So when I logged in (immediatly after logout), I was stuck on the login page, but was logged in.

Thanks to Brian Leathem and he's previous answer, here is what I did : in my authenticate method of my BaseAuthenticator, I called that method after authentication :

private void overrideRedirectToLogin() {
    final String PRE_LOGIN_URL = LoginListener.class.getName() + "_PRE_LOGIN_URL";
    final ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
    final Map<String, Object> sessionMap = externalContext.getSessionMap();
    String redirectURL = (String) sessionMap.get(PRE_LOGIN_URL);

    if (redirectURL == null) {
        final HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
        redirectURL = request.getRequestURL().toString();
    }

    sessionMap.put(PRE_LOGIN_URL, redirectURL.replace("/public/login.xhtml", "/pages/home.xhtml"));
}

With that solution, my previous URL wasn't set in session, but at least, my user is redirected to the home page.

Go to original post