I have a JSF 2.3 application.
In my LoginBean, the username and password entered by the user are varified and then the user is redirected to the URL initially inquired: for example if the user inquires:
http://myhostname/admin/manage.jsf
then because every resource under http:///admin requires authentication, the user is first redirected to the logon view, something like
http://myhostname/login/login.jsf
and then, upon successful authentication, they are redirected to their initially inquired URL (in this case, the first URL above)
However, if the initially inquired URL is a view that does not exist, i.e.
http://myhostname/admin/nonExisting.jsf
after the user gets authenticated, nothing happens: He / she is neither shown an error page, nor an erroneous log entry is made in the logs. Just the user remains on the login page.
How could I solve this?!
I added an error handling in the facelet like this:
<p:growl id="messages" autoUpdate="true" showDetail="true" />
and then, for the logon button:
<p:commandButton action="#{loginBean.login}" value="Log In" update="#form"/>
Now, when a non-existing view is returned, I do see the warning message:
but how coul I handle it earlier?
Related
A Java EE 8/SE 8 web application in deployement runnnig on Glassfish 5 build 25 both production and development, uses jsf 2.3. users create accounts and login. there is a 'logout' button for loging out.
Problem: 'logout' button works as expected everywhere on the website. EXCEPT home page (example.com) & (example.com/home.xhtml). the problem does not exists on my local computer. only in production (example.com).
So I have a template called : index.xhtml . all pages use it, including home.xhtml:
<ui:composition template="index.xhtml">
<ui:define name="top-bar">
<c:if test="#{request.remoteUser ne null}">
<h:form ><h:commandButton value="Log out" action="#{registerAdvanced.logout}"/></h:form>
</c:if>
</ui:define>
and
#Named
#RequestScoped
public class RegisterAdvanced extends BaseBacking implements Serializable {
public String logout() {
try {
getRequest().logout();
getContext().getExternalContext().getSessionMap().remove("user");
return REDIRECT_PAGE;
} catch (ServletException ex) {
return REDIRECT_PAGE;
}
}
}
Users login & logout fairly easily until I noticied that clicking on logout on the home page (home.xhtml) prints a null pointer exception AND redirect to 404 error page.
[[/home.xhtml #450,77 value="#{passesTestBean.displayPassSummaryList}": java.lang.NullPointerException
javax.el.ELException: /home.xhtml #450,77 value="#{passesTestBean.displayPassSummaryList}": java.lang.NullPointerException
at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:119)
at com.sun.faces.facelets.component.UIRepeat.getValue(UIRepeat.java:314)
at com.sun.faces.facelets.component.UIRepeat.getDataModel(UIRepeat.java:256)
at com.sun.faces.facelets.component.UIRepeat.setIndex(UIRepeat.java:507)
at com.sun.faces.facelets.component.UIRepeat.process(UIRepeat.java:557)
at com.sun.faces.facelets.component.UIRepeat.processDecodes(UIRepeat.java:861)
at javax.faces.component.UIComponentBase.processDecodes(UIComponentBase.java:1258)....
part of jsf where there is a call to value="#{passesTestBean.displayPassSummaryList}" is 100% seperate to logout and PassesTestBean CDI is request scope.
so the problem is SOMEHOW when I click on logout button. PassesTestBean is called for no reason and not since jsf must Initialize (since Request Scoped). it ends up returning null.
Now remember this only happens in: production at example.com AND only home page of all pages.
I'm thinking of writing a page only for loging out: has a log out button only.
Check for null pointer exception
getRequest().logout(); //here
getContext().getExternalContext().getSessionMap().remove("user");//here
I have two facelets pages (login.xhtml and user-registration.xhtml). In the login page I have two forms, one for the login and another for the user registration (where I only ask for the email and password twice).
I would like to pass the email and password as attributes from the user registration form to the user-registration.xhtml page (where I ask for the rest of the user registration fields). I don't want to pass them as parameters in the GET url for security reasons.
Can I pass them as attributes while doing a redirect to the user-registration.xhtml page?
you can use this
<p:button outcome="page2" >
<f:param name="nameofData" value="theInformation"></f:param>
</p:button>
I suppose that this composant is in the page1.xhtml and the page1 and page2 are in the same folder (in case note you need to change your outcome) , and for your param you will send theInformation with a name in our case it is nameofData and you will get the informations with nameofData.
Hope that helped you
I have a JSF commandButton, simply should submit a form,
<h:form role="form" enctype="multipart/form-data">
....
<h:commandButton id="submit" value="add"
onclick="return validate('submitForm')"
action="#{propertyBean.submit}"
class="btn btn-green btn-lg arabic"
rendered="#{propertyBean.isNew == true}">
</h:commandButton>
</h:form>
the button is working okey on localhost but when I deploy the application on a server I get this error
HTTP Status 404 - /500.shtml
type Status report
message /500.shtml
description The requested resource is not available.
the action method is never called, as the backing methods prints a statement as its called.
This problem is two-fold. A HTTP 500 error occurred (usually, because an exception was thrown), so the container needs to display a HTTP 500 error page which was in your case apparently registered as /500.shtml, but the container could in turn not find that file and hence the HTTP 404 error on that file.
In order to find out the problem causing the method not being invoked, you've 2 options:
Read the server logs to find the exception.
Register a valid HTTP 500 error page and let it print the stack trace.
Once having the real exception at hands, you can easily solve the underlying problem.
I am trying to intercept a session time-out when a user click on commadLink that shows a modal panel. So far, I haven't been successful...
Example :
<a4j:commandLink execute="#form" oncomplete="#{rich:component('ContactModalPanel')}.show(); return false;" limitRender="true" render=":ContactModalPanelSubViewForm:ContactDataTable">
Many thanks,
JSF 2.1
RichFaces 4.3.3.Final
I'm new at Spring Security. I'm using jsf2 with spring security 3. Three questions:
How can I access, from a session managed bean, the user info (name,password,roles) of the user currently logged in?
In order to use it in a view, for example for rendering elements depending on the roles of the user.
How can I know if a user is logged in? In order to show in a view a "login link" if the user is not logged in, or a "logout link" if the user is logged in. Which property of Spring Security do I have to use in my managed bean to store this info and use it in the view?
The "login link" is just a GET request to the URL of the login page. But how can I show "logout link"? Do it have to be a POST request and use "h:commandLink" like this?:
<h:commandLink value="Logout" action="#{request.contextPath}/j_spring_security_logout" />
Or can it be a GET request?:
<h:link value="Logout" outcome="#{request.contextPath}/j_spring_security_logout" />
Thank you very much in advanced.
The object authentication is who save this properties, you can obtain with next line in your managedBean:
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
A user is logged if his Authentication is not a instace of AnonymousAuthenticationToken, in your spring-security-context.xml you must define the urls intercepted by Spring.
The first interceptor is not analyzed by Spring. In this case the Authentication object is an instance of AnonymousAuthenticationToken.
The second interceptor is analyzed by Spring and the user is redirected to login page declared in spring-security-context.xml
/* This is a example for to obtain the rol name for example for generate automatic menu */
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String namePrincipalRol = null;
if (auth instanceof AnonymousAuthenticationToken) {
namePrincipalRol = "ROLE_ANONYMOUS";
} else {
namePrincipalRol = auth.getAuthorities().iterator().next().getAuthority();
}
Good question, I am not sure but I think I remember having read that it must be POST, would be interesting to try. I use h:outputLink
Kind regards.