I'm developing an application in JSF, where I have a login screen that has a page filter as a business rule, where the user can access the other pages if they start a session.
My application has a certain Timeout, which when hit, I would like the page to self-redirect and go straight to my login page, but what happens in practice is that I need to press Ctrl + F5 to refresh and then go to the login screen.
Below the code in xhtml:
<ui:define name="cont_principal">
<div class="conteudo">
<div id="container">
<p:messages class="ui-messages-mensagem" id="msg" showDetail="true" autoUpdate="true" closable="true"/>
<br></br>
<div id="titulo_page">Área Restrita</div>
<div id="login_box">
<div id="logo_login">
<h:graphicImage value="/RESOURCES/icons/login/icons_login.png" id="login_title" />
</div>
<div id="titulo_login">Login</div>
<h:form id="formLogin" enctype="multipart/form-data">
<p:panelGrid columns="2" class="withoutBorder" >
<h:outputLabel id="info_login"> <h:graphicImage url="/RESOURCES/icons/login/icons_user.png" class="login_icon" /></h:outputLabel>
<p:inputText value="#{login.usuario}" id="login" class="input-login"/>
<h:outputLabel id="info_senha"> <h:graphicImage url="/RESOURCES/icons/login/icons_password.png" class="login_icon" /></h:outputLabel>
<p:password value="#{login.password}" id="senha" class="input-login"/>
<p:watermark for="login" value="Usuário"/>
<p:watermark for="senha" value="Senha" />
</p:panelGrid>
<br/>
<div>
<p:commandButton id="btnEntrar" icon="ui-icon-unlocked" value="Entrar"
action="#{login.logarNoSistema}" />
</div>
How is my Filter:
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
HttpSession session = request.getSession();
FacesContext context = FacesContext.getCurrentInstance();
String loginURI = request.getContextPath() + "/RESOURCES/paginas/login.xhtml";
boolean loggedIn = session != null && session.getAttribute("user") != null;
boolean loginRequest = request.getRequestURI().equals(loginURI);
boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);
boolean resourceRequestCSS = request.getRequestURI().contains("/RESOURCES/css");
boolean resourceRequestIcons = request.getRequestURI().contains("/RESOURCES/icons");
if (loggedIn || loginRequest || resourceRequest || resourceRequestCSS || resourceRequestIcons) {
chain.doFilter(request, response);
} else {
response.sendRedirect(loginURI); }
}
Filter in web.xml:
<filter>
<filter-name>filtro</filter-name>
<filter-class>br.com.map.filter.filtroURL</filter-class>
</filter>
<filter-mapping>
<filter-name>filtro</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
And finally I'm tempted to use PhaseListener :
private String getLoginPath() {
return "/RESOURCES/paginas/login.xhtml";
}
@Override
public void afterPhase(PhaseEvent arg0) {
FacesContext facesContext = FacesContext.getCurrentInstance();
if (!facesContext.getPartialViewContext().isAjaxRequest() || facesContext.getRenderResponse()) { // not ajax or too late
return;
}
HttpServletRequest request = HttpServletRequest.class.cast(facesContext.getExternalContext().getRequest());
if (request.getDispatcherType() == DispatcherType.FORWARD && getLoginPath().equals(request.getServletPath())) { // isLoginRedirection()
final String redirect = facesContext.getExternalContext().getRequestContextPath() + request.getServletPath();
try {
facesContext.getExternalContext().redirect(redirect);
// facesContext.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,
// "Sessão Expirada", "Entre novamente com seu login e senha"));
} catch (IOException e) {
}
}
}