2 Replies Latest reply on Dec 22, 2006 11:15 AM by Norman Richards

    session handling of users

    Saif KHan Newbie

      Greetings to all:

      I am making an application with jboss-seam, I have a problem with session handling of users.

      I am using a stateful session bean which is authenticating users from db. this bean has two fields in it username and password. on authentication I destroy the password and use username for the session tracking on JSF pages. In jsf pages i use JSTL tags to verify the user if he is logged in or not.

      Now my problems are:

      how can i restrict users from unauthorized access of pages.

      how can i redirect users to login page if their username does not exist in the session.

      how can i check if the form is submitted illeaglly.

      And in the last, am i following the right approach or there is a better way to do this in seam.

      i congrat gavin king on his great work and thank you all in advance.

        • 1. Re: session handling of users
          Mike Quilleash Newbie

           

          "ask4saif" wrote:

          how can i restrict users from unauthorized access of pages.


          Probably use a servlet filter for your web application. The filter intercepts all requests to the URLs it is mapped to. If you place something in the session context when a login is succesful the filter can check for the lack of this in the session and block access.

          Seam has a finer control mechanism for doing this via a custom interceptor if you only want to apply security to certain pages. See the docs.

          "ask4saif" wrote:

          how can i redirect users to login page if their username does not exist in the session.


          Use a RequestDispatcher in the filter described above to forward the request to the login page.

          "ask4saif" wrote:

          how can i check if the form is submitted illeaglly.


          Not sure what you mean by "submitted illegally"

          • 2. Re: session handling of users
            Norman Richards Master

            If you can't wait for the seam security stuff, have a look at the Seam DVD Store app. I think it does a good job of showing how to accomplish programatic access control. It uses page actions in pages.xml to accomplish this.