{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 叼着烟拽天下 的问题《How to retrieve a session scoped managed bean in a》','https://www.manongdao.com/q-952786.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm having troubles in setting an Authorization Listener (that implements PhaseListener) to manage authentication and autorization.
More specifically, I set a session scoped bean called SessionBean:
@ManagedBean
@SessionScoped
public class SessionBean{
private String loggedUser;
public SessionBean(){
logger.info("Sono nel costruttore di SessionBean()");
}
public String login(){
....
}
...
}
And in my sun-web.xml:
<managed-bean>
<managed-bean-name>SessionBean</managed-bean-name>
<managed-bean-class>it.uniroma3.acme.auction.bean.SessionBean</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
In login() I make controls on username/password and if successful I set "loggedUser".
My AuthorizationListener is:
public class AuthorizationListener implements PhaseListener {
private String currentUser;
private SessionBean sessionBean;
public void afterPhase(PhaseEvent event) {
SessionBean sessionBean = (SessionBean)event.getFacesContext().getExternalContext().getSessionMap().get("SessionBean");
String currentUser = sessionBean.getLoggedUser();
if (sessionBean != null) {
...
String currentUser = sessionBean.getLoggedUser();
}
else {
...
}
}
...
}
And in the sun-web.xml:
<!-- Authentication and authorization block starting -->
<lifecycle>
<phase-listener>AuthorizationListener</phase-listener>
</lifecycle>
<navigation-rule>
<from-view-id>/*</from-view-id>
<navigation-case>
<from-outcome>loginPage</from-outcome>
<to-view-id>login.jsf</to-view-id>
</navigation-case>
</navigation-rule>
<!-- Authentication and authorization block ending -->
But I receive a null pointe sessionBean.getLoggedUser(). So, the SessionBean is still not created when the AuthorizationListener check the user. This is why I added a "if SessionBean doesn't exists, create it and put it in SessionMap", but still not working.
I'm not forced to use this approach for authentication and authorization, but what I need is to avoid "session.setAttribute("username", username). So any other strategy would be really apreciated. Thanks, Andrea
EDIT: as BalusC suggested, I edited the afterPhase method. Still having troubles with always null SessionBean.
Here in your code, in your phaseListener, you did not tell in which Phase exactly you would implement the code and you should call your managed bean. You should do this in
RESTORE_VIEWPhase inAuthorizationListeneroverride methodgetPhaseId(). See the following:If your managed bean is still null, remove managed bean annotations, register it in
faces_config, and use this helper method in phase listener to call the managed bean:To call it in after phase method, use:
The
@ManagedPropertyworks in@ManagedBeanclasses only. YourPhaseListenerisn't.You need to manually get it from the session map.
Note that it can be still
nullon the very first HTTP request.The common approach, however, is to use a servlet
Filterfor the job, not aPhaseListener. The session scoped managed bean is available as a session attribute.