Hello,
I need advice. I have small JSF application. This application is authorize via Web Service. Application is pure frontend, it doesn't has any bussines logic. Every bussines logic make Web Service.
I need authorize and authenticate this application. Not only action in faces-config.xml but any source pages what I need.
I try more possibilities but I don't find exactly for me.
1. LoginModule - problem with not correct URL, URL is one page late
2. ServletFilter map to specific url - problem with not correct URL, URL is one page late
3. ServletFilter map to whole app (http://blogs.sun.com/roller/page/alexismp?entry=authorization_servlet_filter_for_jsf) - recursive calling
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String contextPath = httpRequest.getContextPath();
String pathInfo = httpRequest.getPathInfo();
String relativePath = httpRequest.getServletPath() + " " + pathInfo + " " + contextPath;
System.out.println("AuthorizationFilter: " + relativePath);
if (!globalLoginURL.equals(pathInfo)) {
System.out.println("not same");
httpResponse.sendRedirect(contextPath + facesPrefix + globalLoginURL);
} else {
System.out.println("same");
chain.doFilter(request, response);
}
}
map to
<filter-mapping>
<filter-name>AuthorizationFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
4. NavigationHandler - secure only jsf action
5. PhaseListener - may be good but tighly coupled to JSF
6. jGuard and Gabriel - I mean not for my case
Anybody help me?
Thanks.