I am using JSF 2 on WebSphere 8. I have a login filter that authenticates the user using j_security_check. After successful authentication, it stores the logged-in user's ID in the session.
After this step, a session management phase listener runs. It checks whether the user has requested a protected resource and whether the user is valid, by retrieving the logged-in user ID from the session. I am able to retrieve the session, but when I call session.getAttribute("userid") it returns null.
I have also tried a session filter instead of the session management phase listener, but with no luck. Here are the code snippets. I would appreciate your help.
Login Filter:
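/**
 * Lets the request proceed down the filter chain and afterwards records the
 * container-authenticated user name in the HTTP session under "userid".
 *
 * <p>The attribute is written only after {@code chain.doFilter} has returned,
 * so anything that runs inside that call cannot see a value stored here during
 * the same request.
 * NOTE(review): if this filter wraps the FacesServlet, that presumably includes
 * the JSF lifecycle and its phase listeners; confirm against the filter mapping.
 *
 * @param request  the incoming request; cast to {@link HttpServletRequest}
 * @param response the outgoing response; cast to {@link HttpServletResponse}
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from the filter chain
 * @throws ServletException propagated from the filter chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    //authenticate user
    chain.doFilter(request, response);

    // getSession(false) never creates a session, so it can legitimately return null.
    HttpSession session = req.getSession(false);
    if (session == null) {
        // The original read the attribute outside the null check and threw a
        // NullPointerException here; with no session there is nothing to record.
        return;
    }

    if (session.getAttribute("userid") == null) {
        // getRemoteUser() is null for an unauthenticated request; storing null
        // leaves the attribute unset.
        // NOTE(review): "userid" is only a copy of the container's identity.
        // Access decisions are safer when they read getRemoteUser() or
        // getUserPrincipal() directly instead of trusting a session attribute.
        session.setAttribute("userid", req.getRemoteUser());
    }

    String currentUser = (String) session.getAttribute("userid");
    // NOTE(review): this writes a user identifier to stdout; route it through
    // the application's logger at debug level if one is available.
    System.out.println("Login Filter | Current Logged in user: " + currentUser);
}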
sessionManagementPhaseListener:
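/**
 * Adds no-cache response headers and, for requests whose URI contains
 * {@code PROTECTED_FOLDER}, redirects to {@code login.xhtml} when the session
 * map holds no "userid" value.
 *
 * <p>NOTE(review): the protected-resource test is a substring match on the raw
 * request URI. A phase listener also sees only requests that reach the JSF
 * lifecycle, so anything under the protected folder that is served outside
 * the FacesServlet is presumably not covered; a declarative
 * {@code <security-constraint>} in web.xml is the more robust control.
 *
 * @param event the phase event; a null event or null FacesContext is ignored
 */
public void beforePhase(PhaseEvent event) {
    if (event == null) {
        return;
    }
    FacesContext facesContext = event.getFacesContext();
    if (facesContext == null) {
        return;
    }

    HttpServletRequest origRequest = (HttpServletRequest) facesContext
            .getExternalContext().getRequest();
    HttpServletResponse response = (HttpServletResponse) facesContext
            .getExternalContext().getResponse();
    String requestedUrl = origRequest.getRequestURI();

    // Ask browsers and intermediaries not to cache the page.
    response.addHeader("Pragma", "no-cache");
    response.addHeader("Cache-Control", "no-cache");
    response.addHeader("Cache-Control", "no-store");
    response.addHeader("Cache-Control", "must-revalidate");
    // The original also added a literal "Expires" date string first; the
    // setDateHeader call replaced it immediately, so only this call is kept.
    response.setDateHeader("Expires", -1);

    if (requestedUrl == null || !requestedUrl.contains(PROTECTED_FOLDER)) {
        return;
    }

    Map<String, Object> sessionMap = facesContext.getExternalContext()
            .getSessionMap();

    boolean mustLogin;
    if (sessionMap == null) {
        mustLogin = true;
    } else {
        String currentUser = (String) sessionMap.get("userid");
        // NOTE(review): this writes a user identifier to stdout.
        System.out.println("Current Logged in user: "
                + currentUser);
        // Compare by content: the original used == "", which tests reference
        // identity and can miss an empty string that is not the interned literal.
        mustLogin = !isLoginPage
                && (currentUser == null || currentUser.isEmpty());
    }

    if (!mustLogin) {
        return;
    }

    try {
        // Everything in front of PROTECTED_FOLDER is treated as the context path.
        String contextPath = requestedUrl.substring(0,
                requestedUrl.indexOf(PROTECTED_FOLDER));
        facesContext.getExternalContext()
                .redirect(contextPath + "login.xhtml");
    } catch (IOException e) {
        // go to login page in case of exceptions
        e.printStackTrace();
        gotoLoginPage(response);
    }
}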