

1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the License at
8  * https://javaserverfaces.dev.java.net/CDDL.html or
9  * legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permission and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * your own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * [Name of File] [$Id: AuthenticationPhaseListener.java,v 1.2 2006/10/12 14:54:39 abadea Exp $] [Date]
22  *
23  * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
24  */

25
26 package enterprise.jsf_jpa_war;
27
28 import javax.el.ELContext;
29 import javax.el.ValueExpression;
30 import javax.faces.FacesException;
31 import javax.faces.context.ExternalContext;
32 import javax.faces.context.FacesContext;
33 import javax.faces.event.PhaseEvent;
34 import javax.faces.event.PhaseId;
35 import javax.faces.event.PhaseListener;
36
37 /**
38  * <p>This <code>PhaseListener</code> will take action before
39  * the <code>Restore View</code> phase is invoked. This allows
40  * us to check to see if the user is logged in before allowing them
41  * to request a secure resource. If the user isn't logged in, then
42  * the listener will move the user to the login page.</p>
43  * @author rlubke
44  */

public class AuthenticationPhaseListener implements PhaseListener {

    /**
     * <p>Navigation outcome passed to the <code>NavigationHandler</code>
     * when an unauthenticated request has to be sent to the login page.</p>
     */
    private static final String USER_LOGIN_OUTCOME = "login";

    // ---------------------------------------------- Methods from PhaseListener

    /**
     * <p>Runs once <code>Restore View</code> has finished and decides whether
     * the request may proceed. A request whose session already holds the
     * user entry continues untouched; any other request for a view that is
     * not on the public allow-list is navigated to the login outcome.</p>
     *
     * <p>Implementation Note: the check lives in <code>afterPhase</code>
     * so that the <code>NavigationHandler</code> can be used.</p>
     *
     * <p>NOTE(review): this listener only sees requests that pass through
     * the JSF lifecycle. Resources the container serves without invoking
     * the lifecycle are not covered by this check - confirm they are
     * protected by other means (for example a container security
     * constraint or a servlet filter).</p>
     *
     * @param event the event for the phase that has just completed
     */
    public void afterPhase(PhaseEvent event) {
        FacesContext facesContext = event.getFacesContext();

        // The session is consulted first; the path is only inspected for
        // requests that carry no user entry.
        if (!userExists(facesContext) && requestingSecureView(facesContext)) {
            // NOTE(review): the response is marked complete before navigation
            // is triggered, so the remaining phases are skipped for the
            // requested view. Presumably the "login" navigation case is a
            // redirect - confirm against the navigation rules, which are not
            // visible in this file.
            facesContext.responseComplete();
            facesContext.getApplication()
                    .getNavigationHandler()
                    .handleNavigation(facesContext, null, USER_LOGIN_OUTCOME);
        }
    }

    /**
     * <p>Intentionally empty; all work happens in
     * <code>afterPhase</code>.</p>
     *
     * @param event the event for the phase about to start (unused)
     */
    public void beforePhase(PhaseEvent event) {
        // nothing to do before the phase
    }

    /**
     * <p>Registers this listener for the <code>Restore View</code> phase
     * only.</p>
     *
     * @return <code>PhaseId.RESTORE_VIEW</code>
     */
    public PhaseId getPhaseId() {
        return PhaseId.RESTORE_VIEW;
    }

    // --------------------------------------------------------- Private Methods

    /**
     * <p>Reports whether the current session counts as authenticated.
     * The only criterion is that the session map contains an entry under
     * <code>UserManager.USER_SESSION_KEY</code>; the stored value itself is
     * not inspected here.</p>
     *
     * @param context the <code>FacesContext</code> for the current request
     * @return <code>true</code> if the session map contains the user key,
     * otherwise <code>false</code>
     */
    private boolean userExists(FacesContext context) {
        return context.getExternalContext()
                .getSessionMap()
                .containsKey(UserManager.USER_SESSION_KEY);
    }

    /**
     * <p>Reports whether the requested view requires authentication.
     * Only the exact paths <code>/login.jsp</code> and
     * <code>/create.jsp</code> are public; every other value of the request
     * path info, including <code>null</code>, is treated as secure, so the
     * check denies by default.</p>
     *
     * <p>Note, this implementation most likely will not work if the
     * <code>FacesServlet</code> is suffix mapped.</p>
     *
     * @param context the <code>FacesContext</code> for the current request
     * @return <code>false</code> if the requested view may be accessed
     * without being authenticated, otherwise <code>true</code>
     */
    private boolean requestingSecureView(FacesContext context) {
        String requestedPath = context.getExternalContext().getRequestPathInfo();

        // Literal-first equals() keeps a null path from throwing; a null
        // path matches neither public page and is therefore secure.
        boolean isLoginPage = "/login.jsp".equals(requestedPath);
        boolean isCreatePage = "/create.jsp".equals(requestedPath);
        return !(isLoginPage || isCreatePage);
    }
}