JSF Authentication check !!

Hi,

Can somebody help me with authentication?

I made a security check in a phase listener, in the before phase, according to:

http://forum.java.sun.com/thread.jspa?forumID=427&threadID=502322

It's working pretty OK.

But when I log out I can go back with the back button.

When I go to the previous page and, e.g., type something in an inputText and press an actionButton, the action will be done. How to secure an action in this case?

I thought about some method which will be called every time the action is called.

And if there is no user in the session it will navigate to the login page, but I don't know if it is a good approach.

[672 byte] By [Alibaabaaa] at [2007-11-27 5:21:10]
# 1

First try to disable the browser cache by adding the following meta declarations to the <head>:

<meta http-equiv="cache-control" content="max-age=0, must-revalidate, no-cache, no-store, private">

<meta http-equiv="expires" content="-1">

<meta http-equiv="pragma" content="no-cache">

Further on, using javax.servlet.Filter is a better approach for authentication. I don't know how you're maintaining the authentication but you can find here an example to get some insights: http://balusc.xs4all.nl/srv/dev-jep-usf.html

BalusCa at 2007-7-12 11:46:06
# 2
But when I'm using Facelets, should I put this in every page? Or just in the layout?
Alibaabaaa at 2007-7-12 11:46:06
# 3
Just add it to the <head> of every page which shouldn't be cached. The <head> has nothing to do with layout. If you aren't using templates or include files, then you need to add it to every page which shouldn't be cached, yes.
BalusCa at 2007-7-12 11:46:06
# 4
I've put that data into the <head> but the back button is still working fine. And I can go back.
Alibaabaaa at 2007-7-12 11:46:06