Session Management in JSF

Session management is very important for all web application , which is used in following cases

Restrict the page access after session timedout
Restrict URL entry by validating the session
Restrict UN-authorised user access

We can assign the session control by following steps

Step : 1

Create two jsf pages

Login.xhtml
Home.xhtml

Step : 2

   Create managed bean for injecting the login.xhtml textbox values

Step : 3

After the JSF pages creation we need to create the Filter class named SessionTimeoutFilter which process the filtering mechanism.

Create SessionTimeoutFilter Class

public class SessionTimeoutFilter implements Filter
{
    private String timeoutPage = "Login";
    public void init(FilterConfig filterConfig) throws ServletException
   {
      //We will not process anything in init method so we can omit this part too.
   }

//Triggers for every faces-servlet request
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException,ServletException
   {
           if ((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse))
           {

                   HttpServletRequest httpServletRequest = (HttpServletRequest) request;
                   HttpServletResponse httpServletResponse = (HttpServletResponse) response;
                   // is session expire control required for this request?
                   if (isSessionControlRequiredForThisResource(httpServletRequest))
                   {
                       // is session invalid?
                       if (isSessionInvalid(httpServletRequest))
                       {
                           String timeoutUrl = httpServletRequest.getContextPath() + "/" + getTimeoutPage();
                           System.out.println("Session is invalid! redirecting to timeoutpage : " + timeoutUrl);
                            httpServletResponse.sendRedirect(timeoutUrl);
                           return;

                       }

                   }
           filterChain.doFilter(request, response);
   }
    private boolean isSessionControlRequiredForThisResource(HttpServletRequest httpServletRequest)
{

   String requestPath = httpServletRequest.getRequestURI();

   boolean controlRequired = !StringUtils.contains(requestPath, getTimeoutPage());

   return controlRequired;

   }
      //Check whether the session is valid
   private boolean isSessionInvalid(HttpServletRequest httpServletRequest) {

   boolean sessionInValid = (httpServletRequest.getRequestedSessionId() != null)

   && !httpServletRequest.isRequestedSessionIdValid();

   return sessionInValid;

   }

   public void destroy()
    {

   }

   public String getTimeoutPage()
    {
      //Return timeout page to which we mentioned ablove
      return timeoutPage;
   }

   public void setTimeoutPage(String timeoutPage)

   {
    //Set timeout page to which we mentioned ablove
    this.timeoutPage = timeoutPage;
   }

Creating MyActionListener

This class is maintly for creating and manitaining the sessions

public class MySessionListener implements HttpSessionListener {

public MySessionListener()
{

}

public void sessionCreated(HttpSessionEvent event) {

System.out.println("Current Session created : "
+ event.getSession().getId()+ " at "+ new Date());

}

public void sessionDestroyed(HttpSessionEvent event) {

// get the destroying session...

HttpSession session = event.getSession();

System.out.println("Current Session destroyed :"
+ session.getId()+ " Logging out user...");

// Only if needed

try {

prepareLogoutInfoAndLogoutActiveUser(session);

}
catch(Exception e)
{
System.out.println("Error while logging out at session destroyed : "
                    + e.getMessage());

}

}

/**
* Clean your logout operations.
*/

public void prepareLogoutInfoAndLogoutActiveUser(HttpSession httpSession)
{
   // Only if needed
}

Configure web.xml

       After the Creating the Filter classes we need to include the classes to Faces Servlet in web.xml

<listener>
    <listener-class>bean.MySessionListener</listener-class>
</listener>
<filter>
    <filter-name>SessionTimeoutFilter</filter-name>
    <filter-class>bean.SessionTimeoutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>SessionTimeoutFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
</filter-mapping>

Refernce Pages:

http://balusc.blogspot.in/2007/03/user-session-filter.html#top
www.stackoverflow.com

JavaFs

Search This Blog

Session Management in JSF

Comments

Post a Comment