Java Blog - Zen Style: Authentication Phase Listener

Wednesday, November 5, 2008

Authentication Phase Listener - JSF

Use Case: trying to secure every page (except for the login page). The user must be logged in. I am using application level authentication and not container managed.

Basically, the blogs I found mostly worked, but I would get a blank screen if there was an authentication failure. It ends up that you need to ensure that the navigation case in the faces-config.xml file has the

tag listed. Otherwise, you are always one page behind.

Here's the faces-config.xml entry:


<navigation-rule>        
        <navigation-case>
            <from-outcome>authFailure</from-outcome>
            <to-view-id>/index.jsp</to-view-id>
            <redirect/>
        </navigation-case>
</navigation-rule>

Then in your phase listener, if authentication fails, do this:


context.responseComplete();
context.getApplication().getNavigationHandler().handleNavigation(context, null, "authFailure");

The "authFailure" is the from-outcome in the faces-config.xml file

That's it...

1 comment:

Unknown said...: The solution doesn't work in my case. I needed to remove the folowing line to get the application to show the error page:

context.responseComplete();

Btw running responseComplete() means that the response is complete and nothing will be written to the response anymore.; September 29, 2009 at 7:09 AM

Java Blog - Zen Style

Wednesday, November 5, 2008

Authentication Phase Listener - JSF

1 comment:

About Me

Blog Archive