Redirect to the saved first requested url after loggin.

Splash Forums PrettyFaces Users Redirect to the saved first requested url after loggin.

This topic contains 9 replies, has 2 voices, and was last updated by  iyemane 6 years ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #17927

    iyemane
    Participant

    I use a filter class to manage a security roles, and if the resource is not authenticated it directs to the login page after saving the first requested url,

    but how to redirect after login….?

    Filter Class

    userSessionBean.setSaveRequestedURL(p.getRequestURL());

    ….

    and after login successful I want to direct to the requested url with its parameter from jsf action method

    Loginbean

    public String login(){

    ..

    return userSessionBean.getSaveRequestedURL() ;

    ..

    }

    If I just return the saved request url i will get resource unavailable error

    can you point me how to handle this?

    mojarra 2.1.1

    eclipse

    prettyfaces 3.2.0

    Thanks

    #20932

    I don’t think this is the best way to handle such a requirement.

    Here are some code examples taken from my project. Perhaps they will help you:

    My Filter:

    public class AuthenticationFilter implements Filter {

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
    throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    String uri = request.getRequestURI();

    /* TODO: authentication */
    boolean authenticated = .....

    if(authenticated) {

    chain.doFilter(servletRequest, servletResponse);
    return;

    }

    // redirect to login page
    response.sendRedirect(request.getContextPath() + "/login?url="+URLEncoder.encode(uri, "UTF8"));

    }

    /* .... */

    }

    So this filter will redirect all users that are not authenticated to the login page and adds the original URL to a query parameter named url.

    Here is my LoginBean that handles the authentication on the login page:

    @Named
    @RequestScoped
    @URLMapping(id = "login", pattern = "/login", viewId = "/login.jsf")
    public class LoginBean {

    private String username;

    private String password;

    @URLQueryParameter("url")
    private String redirectUrl;

    public String login() {

    User user = userDao.getUserByUsernameAndPassword(username, password);

    if(user == null)
    {
    MessageUtils.addLiteralErrorMessage("Invalid username or password.");
    return null;
    }

    if(redirectUrl != null) {

    try {

    // redirect to 'redirectUrl'
    FacesContext facesContext = FacesContext.getCurrentInstance();
    HttpServletResponse response = (HttpServletResponse) facesContext.getExternalContext().getResponse();
    response.sendRedirect(redirectUrl);
    facesContext.responseComplete();
    return null;

    } catch (IOException e) {
    throw new IllegalStateException(e);
    }

    } else {
    return "pretty:home";
    }

    }

    /* .... */

    }

    So after a successful login the bean will simply do a redirect to the URL found in the query parameter. If the query parameter does not exist for some reason, the user is redirected to a default page.

    I think this is the most elegant way of handling such things.

    #20933

    iyemane
    Participant

    Thanks Christian, that’s a great structured help.

    But still have some proplem with the AuthentiationFilter Class .

    String uri = request.getRequestURI();

    returns me the ViewId, ‘adminTasks.xhtml’

    whereas I want it to return the original pretty url request ‘/admin/tasks?smt=smt’

    It works using the PrettyContext class to get the RequestURL and QueryString, but to make sure if its elegant way.

    Sorry, I was starting on the security…

    Thanks

    #20934

    Place your AuthenticationFilter before the PrettyFilter. That should do the trick.

    #20935

    iyemane
    Participant

    It is before the PrettyFilter, but not able to get the original request.

    #20936

    Could you post the relevant parts of your web.xml?

    Its working with this in my projects:

    <filter>
    <filter-name>AuthenticationFilter</filter-name>
    <filter-class>com.example.webapp.AuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>

    <filter>
    <filter-name>Pretty Filter</filter-name>
    <filter-class>com.ocpsoft.pretty.PrettyFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>Pretty Filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>

    If you are running in a Servlet 3.0 container make sure that the PrettyFaces filter is named exactly like this, because in this case your configuration will overwrite the configuration from the web-fragment.xml in the PrettyFaces archive.

    #20937

    BTW: I’m not sure if the FORWARD and ERROR dispatcher settings for the auth filter are really required. I think they aren’t. But I cannot test this at the moment.

    #20938

    iyemane
    Participant

    Thanks for your time…

    i think the problem is on the priority of the url pattern, even though the AuthenticationFilter is on the first order of the web.xml, it’s not executed first because the pretty filter ‘/*’ matches the requested…

    <filter-mapping>

    <filter-name>AuthenticationFilter</filter-name>

    <url-pattern>/restricted/*</url-pattern>

    <dispatcher>REQUEST</dispatcher>

    <dispatcher>FORWARD</dispatcher>

    <dispatcher>ERROR</dispatcher>

    </filter-mapping>

    <filter-mapping>

    <filter-name>Pretty Filter</filter-name>

    <url-pattern>/*</url-pattern>

    <dispatcher>REQUEST</dispatcher>

    <dispatcher>FORWARD</dispatcher>

    <dispatcher>ERROR</dispatcher>

    </filter-mapping>

    Or I need to consider my security solutions…

    #20939

    I don’t think that the url-pattern has any influence on the actual order of filter execution. But you could quick check this by changing the url-pattern of your AuthenticationFilter to /* and simply skip the authentication check in the filter if the URL contains the string /restricted/.

    BTW: Which container do you deploy to?

    #20940

    iyemane
    Participant

    Let me change and test that way, whereas I’m using Glassfish 3.0.1

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.

Comments are closed.