How to implement multiple user Login using sessions in JSF

Question

I am new to JSF, I am working on web project.

1. I want to implement Login system, where multiple users can Login. Just like Facebook or any other website where you give username and password and access you account.

2. The other thing I want is, if a user is not logged in and he wants to access a (restricted) url he must be redirected to Login page.

I do not even know where to start, however I know how to do 'session tracking' in Servlet.

can anyone suggest me good example or help me by a sample code.

Answer 1

As far as I know JSF has no special authentication function.

• write your own authentication. Only suitable for very simple scenarios (no role based authorization, etc.)
  1. Write a Filter to control page access (check your session. If the user isn't logged in, redirect him to login page)
  2. Build a login page, check users credentials and set the login flag
  3. Build a logout method to erase the flag inside the users session
• use container manged security Java EE 5 Tutorial
• use third party library like Apache Shiro or Spring Security

Answer 2

1. Save the login data in a session scoped Bean. Here you have a complete JSF tutorial with some examples and source code. Check the part about Managed Beans I.

2. A basic way to implement that is to check if the user is logged (there is a valid Login Bean stored in session) when he accesses a page. If it isn´t, redirect to login page. This is about checking if the user is logged in with Phase Listeners