important: jstl-problem
what i want to do is to check if the person logged in..
i try it with jstl (not the best solution, but i thought the simpliest)
in my sessionBean i have a variable "tan" which is set when someone logs in..
private String tan="";
public String getTan()
{
return tan;
}
publicvoid setTan(String tan)
{
this.tan = tan;
}
now i want to check in a jsp-file (also sessionBean) if the user had logged in...
<c:choose>
<c:when test="${SessionBean1.tan!=''}">
....
</c:when>
<c:otherwise>
<jsp:forward page="/faces/StartPage.jsp"/>
</c:otherwise>
</c:choose>
but i always get an exception, doesn't matter if i am logged in or not...
Caused by: org.apache.jasper.JasperException: javax.servlet.jsp.JspException: null
and also:
Caused by: org.apache.jasper.JasperException: Exception in JSP: /FillCrossword.jsp:32
29:</ui:form>
30: </c:when>
31: <c:otherwise>
32:<jsp:forward page="/faces/StartPage.jsp"/>
33: </c:otherwise>
34: </c:choose>
35:
so it looks like that the forward isn't correct and also the <c:choose test=.... is wrong because even if I logged in, i get the exception with the forward
it would be very great if someone could help me!>
[1784 byte] By [
schaeflia] at [2007-11-27 2:12:56]
# 1
EditNevermind.Message was edited by: BalusC
# 2
what do you mean by that?
# 3
Doesn't matter. I was thinking the wrong way :) Hence "nevermind".
Anyway, best practice to check whether an user is logged in correctly or not is to implement a simple Filter.
Pseudocode:public class UserFilter implements Filter {
public void doFilter(request, response, chain) {
if (request.getSession().getAttribute("user") == null) {
// User is not logged in. Redirect to login.jsf.
response.sendRedirect("login.jsf");
} else {
// User is logged in. Proceed.
chain.doFilter(request, response);
}
}
}
In the login.jsf and the appropriate LoginBean you should build some logic to let the user login and if all validations are passed, then put the User object in the HttpSession. In logout, just remove the User object from the HttpSession.
See if you find it useful or not.
# 4
this filter looks really good, but i have a big problem...
i don't know how to use something like that!
I think I have to change the web.xml-file is that right? but what i have to write in it?
and how can I say all pages that they should call the filter?
It would be very helpfull if you could explain that to me!
Thanks
# 5
You can define filters in the web.xml. You can use the url-pattern "/*" to filter on all requests, or use "/pages/*" fo filter on the given subdirectory only. Also see http://java.sun.com/javaee/5/docs/tutorial/doc/ halfway at chapter 3.
Basic example:<filter>
<filter-name>UserFilter</filter-name>
<filter-class>mypackage.UserFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UserFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
This article however does not fully suit in your needs (I think), but might be worth reading: http://balusc.xs4all.nl/srv/dev-jep-usf.html
# 6
is the javax.servlet.Filter the right one?because in the do-method i have ServletResponse and ServletRequest and the don't have functions like getSession
# 7
ok, if I looked at your page and it seems that I can cast this two objects
# 8
It depends on the context and the implementation of the appserver to which object you can cast it. In this case, it is indeed HttpServletRequest.
# 9
i wanted to test my application, but i get an error (I user tomcat 5.5.17)
Error configuring application listener of class com.sun.faces.config.ConfigureListener
java.lang.NoClassDefFoundError: javax/faces/FacesException
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Class.java:2389)
at java.lang.Class.getConstructor0(Class.java:2699)
at java.lang.Class.newInstance0(Class.java:326)
at java.lang.Class.newInstance(Class.java:308)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3678)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4187)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:608)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
# 10
i am stupid, i solved this error ;-)
but, when i start my application following happens:
http://localhost:8084/MyApplication/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/faces/StartPage.jsp
like the name says, this is the first page which is accessed, and it is also the page to which i redirect if the user is not logged in, could that be the problem?
# 11
maybe you want to see my code:
this is my filter-class:
public class LoginFilter implements Filter{
private FilterConfig filterConfig = null;
/** Creates a new instance of LoginFilter */
public LoginFilter() {
}
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
public void destroy() {
this.filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
if (httpRequest.getSession().getAttribute("username") == null) {
// User is not logged in. Redirect to login.jsf.
httpResponse.sendRedirect("faces/StartPage.jsp");
} else {
// User is logged in. Proceed.
chain.doFilter(request, response);
}
}
and my web.xml:
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
# 12
oh, and I have a question concerning the session-attribute "username"i do not have to create this, do I?
# 13
httpResponse.sendRedirect("faces/StartPage.jsp");
Remove the "faces/" part or replace it by "/WebAppName/faces/StartPage.jsp".
Oh, before I forget to mention, you might need to add a check if the current request isn't already "/WebAppName/faces/StartPage.jsp". You can do this by comparing the HttpServletRequest#getRequestURI(). Otherwise wou will come in an infinite redirect loop.
> oh, and I have a question concerning the session-attribute "username"
>
> i do not have to create this, do I?
Only create this if the login is succesful, then put the User object (or only an username string, if you want) in there.
# 14
if I make system.out.println(httpRequest.getRequestURI()) the result is:/MyApplication/ is that right so?
# 15
Can be right if you have invoked it by http://example.com/MyApplication.In first run it should redirect to the login page when the user is not set.
# 16
it works now, but i don't use html-components, but it in the browser the components look different now, like html-components, what should I do?
# 17
I don't understand you? Do you mean that the facesservlet is not being invoked?
# 18
i use the components from sun, but when i run my application, the buttons for example look different now. they don't look like sun-buttons but like html-buttonsdo you know what i mean?
# 19
i started the appliction a second time and now it looks like it should, I hope it works now...Thanks for your great help!
# 20
Oh, I see. Well, prolly the CSS files are also filtered. Filter on the actual JSF(JSP) pages only and not on the CSS and eventually image files. If you have stored the CSS in /WebApp/css/* and the actual JSF pages /WebApp/faces/*, then you have to set the url-pattern of the Filter to /faces/* instead of /*.
In the /WebApp root put an index.html file which forwards to the main page.
Edit
OK, it appears that it works now :) Cheers.
Message was edited by:
BalusC
# 21
so, but know i have another problem..
i have a logout-link which links to the StartPage..
here is the action-Methode:
public String hl_logout_action() {
// TODO: Replace with your code
FacesContext fc = FacesContext.getCurrentInstance();
HttpSession s = (HttpSession)fc.getExternalContext().getSession(true);
//s.invalidate();
getTeacherLoginBean().setName("");
getTeacherLoginBean().setPw("");
getTeacherLoginBean().setRole("");
getTeacherLoginBean().getTf_name().setText("");
getTeacherLoginBean().getPf_pw().setText("");
s.setAttribute("username", null);
return "logout";
}
when i request a page directly it works, even if i clicked the logout-link before
# 22
> so, but know i have another problem..I don't see a question or problem description? Please elaborate.
# 23
sorry...the problem is that if i click on the logout-link i will come to the startPage, that is ok, but when i try a direct request it works!it looks like the username-attribute isn't null!
# 24
do you know what i mean?
# 25
You said, "it works", so I don't understand it clearly, I think.
# 26
the problem is, that it works!After clicking on the logout-link i shouldn't be able to request a page directly, but the problem is that that works...
# 27
I see. Isn't it just the browser cache?Try to do some debugging or sysouts at the right places.
# 28
i debugged, and it looks like there is the username-attribute already in the session
# 29
So the username attribute isn't set to null correctly?
