-2

this is how i solved my problem. :) my pages which i want to protect are located inside cPanel folder. this is my LoginAdmin bean.

@ManagedBean(name = "loginAdmin")
@SessionScoped
public class LoginAdmin implements Serializable {
    private static final long serialVersionUID = 1L;
    private String username;
    private String password;
    boolean loggedIn;

    public boolean isLoggedIn() {
        return loggedIn;
    }
    public void setLoggedIn(boolean loggedIn) {
        this.loggedIn = loggedIn;
    }
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public void login(ActionEvent actionEvent) {
        FacesMessage msg = null;
        if (username.equals("Administrator") && password.equals("store1")) {
            try {
                msg = new FacesMessage(FacesMessage.SEVERITY_INFO, "Welcome",
                        username);
                FacesContext.getCurrentInstance().getExternalContext()
                        .redirect("/eHUB/cPanel/index.xhtml");
                loggedIn = true;
            } catch (IOException e) {
                e.printStackTrace();
            }
        } else {
            msg = new FacesMessage(FacesMessage.SEVERITY_WARN, "Login Error",
                    "Invalid User Name or Password");
            loggedIn = false;
        }
        FacesContext.getCurrentInstance().addMessage(null, msg);
    }
    public void logout(ActionEvent actionEvent) throws IOException {
        ((HttpSession) FacesContext.getCurrentInstance().getExternalContext()
             .getSession(false)).invalidate();
        loggedIn = false;
        FacesContext.getCurrentInstance().getExternalContext().redirect("login.xhtml");
    }
}

and this is my filter code:

@WebFilter("/cPanel/*")
public class RestrictFilter implements Filter {
    private FilterConfig fc;


    public RestrictFilter() {

    }


    public void destroy() {

    }


    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        LoginAdmin loginAdmin = (LoginAdmin) request.getSession().getAttribute("loginAdmin");
        String loginURL = request.getContextPath() + "/login.xhtml";
        if(loginAdmin != null && loginAdmin.isLoggedIn()){
            chain.doFilter(req, res);
        }
        else{
            response.sendRedirect(loginURL);
        }
    }


    public void init(FilterConfig fConfig) throws ServletException {
        this.fc = fConfig;
    }

}

this is working perfectly. please add vote against this post. thank you once again. :)

Umair
  • 860
  • 2
  • 13
  • 30
  • 1
    You forgot to tell about the concrete problem you have with this code. – BalusC Apr 14 '13 at 11:27
  • i want that a user must enter his/her credentials before viewing index.xhtml page. in the current situation user can view index.xhtml page without login page. this is my concrete problem. – Umair Apr 14 '13 at 11:52

2 Answers2

1

I have the same problem but I have just resolved it. This is my solution : first you have to create a folder in WebContent named " pages" for example in which you put all your protected xhtml pages( index.xhtml in your case) and let the login.xhtml in the webcontent folder. you have to change the filter in the web.xml to 

<filter>
<filter-name>RestrictFilter</filter-name>
<filter-class>com.kicsit.ehub.filters.RestrictFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RestrictFilter</filter-name>
<url-pattern>/pages/*</url-pattern>


<welcome-file-list>
    <welcome-file>welcome.jsp</welcome-file>
</welcome-file-list>

in the welcome.jsp put this line : <% response.sendRedirect("login.jsf"); %> then redirection will work normally.

Andromida
  • 1,095
  • 1
  • 11
  • 28
1

web.xml:-

![MainPanel is Secure][1]

<filter>
        <filter-name>loginFilter</filter-name>
        <filter-class>aksa.sc.util.AccessFilter</filter-class>
        <init-param>
            <param-name>test-param</param-name>
            <param-value>This parameter is for testing.</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>loginFilter</filter-name>
        <url-pattern>/secure/*</url-pattern>
    </filter-mapping>

AccessFilter:-

public class AccessFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String testParam = filterConfig.getInitParameter("test-param");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        HttpSession session = httpServletRequest.getSession(true);

        // Get the IP address of client machine.
        String ipAddress = request.getRemoteAddr();

        // Log the IP address and current timestamp.
        // System.out.println("IP "+ipAddress + ", Time "+ new
        // Date().toString());
        if (httpServletRequest.getRequestURL().toString().contains("/scTheme/")) {
            if (session == null || session.getAttribute("userName") == null) {
                httpServletResponse.sendRedirect("/scTheme/login.xhtml");
            }

        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        //

    }
}
Dave Jarvis
  • 30,436
  • 41
  • 178
  • 315
Az.MaYo
  • 1,044
  • 10
  • 23