I have a dynamic web application in Java EE with JSF, Facelets, Richfaces.
My pages are all xhtml pages.
So JSTL isn't working in it.
For my account pages and all other private pages to be reachable, I want to test if the user got connected, so if the attribute session in HttpSession
is not null. If it's null, the user gets redirected in the welcome page.
I tried in my xhtml page :
<jstl:if test="${sessionScope['session']==null}">
<jstl redirect...>
</jstl:if>-->
but as it's not jsp page it won't work. So where am I supposed to test if the session is not null to allow the user to see his private pages ? in a central managed bean ?
The normal place for this is a
Filter
.Create a class which
implements
javax.servlet.Filter
and write the following logic in thedoFilter()
method:Map this filter in
web.xml
on anurl-pattern
of something like/private/*
,/secured/*
,/restricted/*
, etc.If you have the private pages in the
/private
folder then this filter will be invoked and handle the presence of the logged-in user in the session accordingly.Note that I renamed attribute name
session
touser
since that makes much more sense. TheHttpSession
itself is namely already the session. It would otherise been too ambiguous and confusing for other developers checking/maintaining your code.