HTML and CSS Reference
In-Depth Information
As shown in Listing 4-16, PhaseListener interface has the following methods:
getPhaseId(): This method returns the identifier of the request processing phase, during
which this listener is interested in processing PhaseEvent events. Legal values are the
singleton instances defined by the PhaseId class, including PhaseId.ANY_PHASE to indicate an
interest in being notified for all standard phases.
beforePhase(): This method will be executed when the processing for a particular phase of
the request processing lifecycle is about to begin.
afterPhase(): This method will be executed when the processing for a particular phase has
just been completed.
Phase listeners can be useful for debugging the execution of the different JSF life cycle phases. It can also be used
for authorizing JSF application pages. Let's see an example to see how phase listeners can be used for authorizing
JSF pages. Let's get back to the first application example in Chapter 2. One of the missing functionalities in that
application is that the user can open directly the welcome application without having to pass through the login page.
In order to secure the welcome page (or maybe other pages) in the application, we can create a phase listener for this.
One thing that we need to modify in the application is to set a session flag to indicate that the user is authenticated by
entering a non-empty username and password in the login page. Listing 4-17 shows the updated User managed bean.
Listing 4-17. Updated User Managed Bean
public class User implements Serializable {
private String name;
private String password;
private Profession profession;
private List<String> favoriteSports;
private Map<String, String> spokenLanguages;
public String login() {
FacesContext context = FacesContext.getCurrentInstance();
HttpSession session = (HttpSession) context.getExternalContext().getSession(true);
// User passes through the login page and clicks the "login" button.
session.setAttribute("isAuthenticated", true);
return "welcome";
As shown in the previous code listing, a session attribute "isAuthenticated" is added for marking the user as
authenticated in the login() method (any entered non-empty username and password are accepted in the example).
Listing 4-18 shows AuthorizationListener phase listener code.
Search WWH ::

Custom Search