We use a Homegrown security application
which on successful authentication returns the RequestHeader Variables i.e.
employee Id etc.
We use JSF Spring Hibernate
Wondering whether i should JSF PhaseListener OR Servlet Filter to retrieve
RequestHeader Variables. This is what i am doing currently not sure its best
practice though. Any suggestions/pointers highly appreciated
public class LoginPhaseListener implements PhaseListener
{
public void afterPhase(PhaseEvent pe)
{
FacesContext facesContext = pe.getFacesContext();
String viewId = pe.getFacesContext().getViewRoot().getViewId();
if (viewId.endsWith(".xhtml")) {
String managedBeanName = getManagedBeanNameFromView(viewId);
Object object = facesContext.getApplication().createValueBinding("#{" +
managedBeanName + "}").getValue(facesContext);
if (object == null)
logger.error("OnPageLoad cannot be executed, no such managed bean:"+
managedBeanName);
else {
Login loginBean = (Login) object;
loginBean.onPageLoad();
}
}
}
public String getManagedBeanNameFromView(String viewId) {
String pageName = viewId.substring(1, viewId.length() - 6);
System.out.println("Name="+StringUtils.capitalize(pageName)+"Bean");
return pageName+"Bean";
}
JSF Backing Bean:
public class LoginBean implements Login {
public void onPageLoad() {
//System.out.println("***Inside onPageLoad******");
Map requestHeaderMap =
FacesContext.getCurrentInstance().getExternalContext().getRequestHeaderMap();
String empID = (String) requestHeaderMap.get("EmployeeID");
//Retrieve UserId and User roles from database and populate it with POJO
UserInfo userInfo //pojo
userInfo.setUserId(userId);
userInfo.setUserRoles(userRoles);
/* Store in Session so as to make it available to Spring Layer */
HttpSession userSession =
(HttpSession) FacesContext.getCurrentInstance().getExternalContext()
.getSession(true);
userSession.setAttribute("userInfo", userInfo);
}
}
I am also using Servlet Filter to retrieve Session object
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain
chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
// grab the current value from the session
UserInfo userInfo = (UserInfo)
request.getSession().getAttribute("userInfo");
// Update the user info bean holder for the current thread.
UserInfoHolder.setUserInfo(userInfo); // ThreadLocal object
// call the chain
//System.out.println("In Security Filter");
chain.doFilter(req,resp);
// threadLocal no longer needed (will be recreated next time through the
filter)
//UserInfoHolder.setUserInfo(null);
}
Now i am thinking instead of using PhaseListener cant i just use the Servelt
Filter to retrieve the RequestHeader variables, make connection to database
instead of using HttpSession
Not sure if its best practice though & also how to retrieve RequestHeader
variables in Servlet Filter
Regards
Bansi
--
View this message in context:
http://www.nabble.com/JSF-PhaseListener-VS-Servlet-Filter-tf3793704.html#a10729899
Sent from the MyFaces - Users mailing list archive at Nabble.com.
