0

I asked my problem earlier but I was not clear. So I ask my question again hoping that one understands me. I would like to create a user session for my application. Thus, the user must log in to access my homepage. For this I create a Bean and a filter. I used the answer to this question JSF HTTP Session Login to be able to do it. But the userManager in the Filter is always null. I don't know how to put in this line the value of the user who is connected. 

UserManager userManager = (UserManager) req.getSession().getAttribute("userManager");

Here is the filter.

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
UserManager userManager = (UserManager) req.getSession().getAttribute("userManager");       
String loginURL = req.getContextPath() + "/index.jsf";

if (userManager == null && !userManager.isLoggedIn() && !req.getRequestURI().equals(loginURL)) {

    res.sendRedirect(loginURL);

} else {

    res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
    res.setHeader("Pragma", "no-cache"); // HTTP 1.0.
    res.setDateHeader("Expires", 0); // Proxies.

    chain.doFilter(request, response);

}

When I put this condition in the if !userManager.isLoggedIn(), I have a marker that says:

Null pointer access: The variable userManager can only be null at this location, 1 quick fix available, Add @SuppressWarnings 'null' to 'doFilter()'

I tried to add it and I executed but I got an error java.lang.NullPointerException. I'm beginner in JSF. Please, I need your help.

 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jsf-formulaire].[Faces Servlet]] "Servlet.service()" pour la servlet Faces Servlet a généré une exception: java.lang.NullPointerException
at com.citech.pointage.fe.bean.filters.SessionFilter.doFilter(SessionFilter.java:61) [:]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.1.0.Final]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.1.0.Final]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [:6.1.0.Final]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [:6.1.0.Final]
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:181) [:6.1.0.Final]
at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285) [:1.1.0.Final]
at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261) [:1.1.0.Final]
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.1.0.Final]
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.1.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:159) [:6.1.0.Final]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.1.0.Final]
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.1.0.Final]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.1.0.Final]
at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.1.0.Final]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.1.0.Final]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.1.0.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.1.0.Final]
at java.lang.Thread.run(Unknown Source) [:1.6.0_03]
Community
  • 1
  • 1
Princesse
  • 15
  • 1
  • 1
  • 5
  • This is not a JSF problem. This is just basic Java. Invest some more time in learning boolean logic. – BalusC Jul 03 '13 at 19:48

1 Answers1

0

Your condition should be:

if ((userManager == null || !userManager.isLoggedIn()) && 
    !req.getRequestURI().equals(loginURL)) // first && replaced by ||

Now you can continue working with JSF HTTP Session Login. Another option to validate the user is with PreRenderView event from jsf metadata, just add this in your pages:

<f:metadata>
  <f:event type="preRenderView" listener="#{securityMB.checkLogIn}" />
</f:metadata>

And your managed bean:

@ManagedBean(name = "securityMB")
@RequestScoped
public class SecurityBean {
  @ManagedProperty(value = "#{userManager}")
  private UserManager userManager;
  String loginURL = "/index.jsf";
  public void checkLogIn() {
  if (userManager == null || !userManager.isLoggedIn()) {
    FacesContext.getCurrentInstance().getExternalContext().redirect(loginURL);
  }
  //getter and setter (userManager)
}
Community
  • 1
  • 1
danRod
  • 113
  • 5
  • @ danRod:Thank you for your answer. I am very happy. I changed my condition as you have shown me and I don't have this Marker any more. But the session is still not created. In fact, when I enter my credentials and I validate the form, I am redirected to the home page. But when I click Logout, nothing happens. So I put the trace `System.out.println("not connected");` in the `if` and `System.out.println("connected");` in the `else` and I rerun the application. When I click Logout, I have this trace in the console:`System.out.println("not connected");`. Can you help me please? – Princesse Jul 04 '13 at 08:50
  • I think that `userManager` is null. That is why this condition: `if ((userManager == null || !userManager.isLoggedIn()) && !req.getRequestURI().equals(loginURL))` is always verified. How can I do? – Princesse Jul 04 '13 at 09:02
  • @Princesse delete `req.getRequestURI().equals(loginURL)` from your conditions and try. Can you paste your session bean please? – danRod Jul 04 '13 at 22:19
  • @ danRod: I delete `req.getRequestURI().equals(loginURL)` from my conditions and retry. It works now. Thank you very much. But please, how can I block access to the home page by typing the URL in the browser? – Princesse Jul 05 '13 at 07:34