Security in JSF Framework


On the Eclipse, create a Maven project

Click Next button and select maven-archetype-webapp

Click Next button and enter Project Information:

  • GroupId: LearnJSFFrameworkWithRealApps
  • Artifact Id: LearnJSFFrameworkWithRealApps
  • Package: com.demo

Click Finish button to finish create Maven project. Add Libraries and Dynamic Web Module as below:

  1. Select project and right click, select Properties menu
  2. Select Project Facets on left side
  3. Select Dynamic Web Module
  4. Select JavaServer Faces




Open web.xml file in src\main\webapp\WEB-INF folder and add configurations for JSF Framework as below:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
	http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	id="WebApp_ID" version="2.5">
	<display-name>LearnJSFFrameworkWithRealApps</display-name>
	<context-param>
		<param-name>javax.faces.PROJECT_STAGE</param-name>
		<param-value>Development</param-value>
	</context-param>
	<welcome-file-list>
		<welcome-file>faces/index.xhtml</welcome-file>
	</welcome-file-list>
	<servlet>
		<servlet-name>Faces Servlet</servlet-name>
		<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>Faces Servlet</servlet-name>
		<url-pattern>/faces/*</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>Faces Servlet</servlet-name>
		<url-pattern>*.jsf</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>Faces Servlet</servlet-name>
		<url-pattern>*.faces</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>Faces Servlet</servlet-name>
		<url-pattern>*.xhtml</url-pattern>
	</servlet-mapping>
</web-app>

Open pom.xml file and add configurations for JSF Framework as below:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.demo</groupId>
	<artifactId>LearnJSFFrameworkWithRealApps</artifactId>
	<packaging>war</packaging>
	<version>1.0-SNAPSHOT</version>
	<name>LearnJSFFrameworkWithRealApps Maven Webapp</name>
	<url>http://maven.apache.org</url>

	<dependencies>
		<dependency>
			<groupId>com.sun.faces</groupId>
			<artifactId>jsf-api</artifactId>
			<version>2.2.8</version>
		</dependency>
		<dependency>
			<groupId>com.sun.faces</groupId>
			<artifactId>jsf-impl</artifactId>
			<version>2.2.17</version>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>jstl</artifactId>
			<version>1.2</version>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>servlet-api</artifactId>
			<version>2.5</version>
		</dependency>
		<dependency>
			<groupId>javax.servlet.jsp</groupId>
			<artifactId>jsp-api</artifactId>
			<version>2.1</version>
		</dependency>
		<dependency>
			<groupId>com.sun.el</groupId>
			<artifactId>el-ri</artifactId>
			<version>1.0</version>
		</dependency>
	</dependencies>

	<build>
		<finalName>LearnJSFFrameworkWithRealApps</finalName>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>2.3.1</version>
				<configuration>
					<source>1.6</source>
					<target>1.6</target>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>




Create new package, named com.entities. In this package, create a entity class: Account.java

package com.entities;

public class Account {

	private String username;
	private String password;

	public String getUsername() {
		return username;
	}

	public void setUsername(String username) {
		this.username = username;
	}

	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
		this.password = password;
	}

}

Create new package named com.demo.admin in src/main/java folder. In this package, create new managed beans as below:

In com.demo.admin package, create new java class named AccountAdminManagedBean.java as below:

package com.demo.admin;

import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.faces.context.FacesContext;
import com.entities.Account;

@SessionScoped
@ManagedBean(name = "accountAdminManagedBean")
public class AccountAdminManagedBean {

	private boolean isLogin = false;
	private Account account;
	private String message = "";

	public AccountAdminManagedBean() {
		this.account = new Account();
	}

	public String getMessage() {
		return message;
	}

	public void setMessage(String message) {
		this.message = message;
	}

	public boolean isLogin() {
		return isLogin;
	}

	public void setLogin(boolean isLogin) {
		this.isLogin = isLogin;
	}

	public Account getAccount() {
		return account;
	}

	public void setAccount(Account account) {
		this.account = account;
	}

	public void verifyLogin() {
		if (!this.isLogin) {
			doRedirect("login.xhtml");
		}
	}

	public void login() {
		if (this.account.getUsername().equalsIgnoreCase("admin")
				&& this.account.getPassword().equalsIgnoreCase("123")) {
			this.isLogin = true;
			this.message = "";
			doRedirect("welcome.xhtml");
		} else {
			this.message = "Account's Invalid";
			doRedirect("login.xhtml");
		}
	}

	public void logout() {
		this.isLogin = false;
		doRedirect("login.xhtml");
	}

	private void doRedirect(String url) {
		try {
			FacesContext facesContext = FacesContext.getCurrentInstance();
			facesContext.getExternalContext().redirect(url);
		} catch (Exception e) {
			System.out.println(e.getMessage());
		}

	}

}

In com.demo.admin package, create new java class named NewsAdminManagedBean.java as below:

package com.demo.admin;

import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;

@SessionScoped
@ManagedBean(name = "newsAdminManagedBean")
public class NewsAdminManagedBean {

	public String index() {
		return "/admin/news?faces-redirect=true";
	}

}




In com.demo.admin package, create new java class named ProductAdminManagedBean.java as below:

package com.demo.admin;

import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;

@SessionScoped
@ManagedBean(name = "productAdminManagedBean")
public class ProductAdminManagedBean {

	public String index() {
		return "/admin/product?faces-redirect=true";
	}

}

Create new folder named admin in src\main\webapp folder. In this folder, create new xhtml file named template_admin.xhtml as below:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
	xmlns:ui="http://java.sun.com/jsf/facelets"
	xmlns:f="http://java.sun.com/jsf/core"
	xmlns:h="http://java.sun.com/jsf/html">

<h:head>
	<title>Admin Template Page</title>
	<f:metadata>
		<f:event listener="#{accountAdminManagedBean.verifyLogin()}" type="preRenderView"></f:event>
	</f:metadata>
</h:head>
<body>

	<h:form prependId="false">
		<h:commandLink value="Product Admin Page" action="#{productAdminManagedBean.index()}"></h:commandLink> |
		<h:commandLink value="News Admin Page" action="#{newsAdminManagedBean.index()}"></h:commandLink>
		<br></br><br></br>
		<ui:insert name="content"></ui:insert>
		<br></br><br></br>
		Copyright PMK Lab
	</h:form>

</body>
</html>

Create new xhtml files in src\main\webapp\admin as below:

Create new xhtml file named login.xhtml as below:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
	xmlns:ui="http://java.sun.com/jsf/facelets"
	xmlns:f="http://java.sun.com/jsf/core"
	xmlns:h="http://java.sun.com/jsf/html">

<h:head></h:head>
<body>

	<h:form prependId="false">
		<h:outputText value="#{accountAdminManagedBean.message}" />
		<h:panelGrid columns="2" cellpadding="2" cellspacing="2">
			<h:outputText value="Username" />
			<h:inputText value="#{accountAdminManagedBean.account.username}" />

			<h:outputText value="Password" />
			<h:inputSecret value="#{accountAdminManagedBean.account.password}" />

			<h:outputText value="" />
			<h:commandButton action="#{accountAdminManagedBean.login()}" value="Login" />
		</h:panelGrid>
	</h:form>
</body>
</html>




Create new xhtml file named welcome.xhtml as below:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
	xmlns:ui="http://java.sun.com/jsf/facelets"
	xmlns:f="http://java.sun.com/jsf/core"
	xmlns:h="http://java.sun.com/jsf/html">

<h:head></h:head>
<body>

	<ui:composition template="/admin/template_admin.xhtml">

		<ui:define name="content">
			Welcome <h:outputText value="#{accountAdminManagedBean.account.username}" />
			<br></br>
			<h:commandLink action="#{accountAdminManagedBean.logout()}" value="Logout" />
		</ui:define>

	</ui:composition>

</body>
</html>

Create new xhtml file named news.xhtml as below:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
	xmlns:ui="http://java.sun.com/jsf/facelets"
	xmlns:f="http://java.sun.com/jsf/core"
	xmlns:h="http://java.sun.com/jsf/html">

<h:head></h:head>
<body>

	<ui:composition template="/admin/template_admin.xhtml">
		<ui:define name="content">
			News Page in Admin
		</ui:define>
	</ui:composition>

</body>
</html>

Create new xhtml file named product.xhtml as below:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
	xmlns:ui="http://java.sun.com/jsf/facelets"
	xmlns:f="http://java.sun.com/jsf/core"
	xmlns:h="http://java.sun.com/jsf/html">

<h:head></h:head>
<body>

	<ui:composition template="/admin/template_admin.xhtml">
		<ui:define name="content">
			Product Page in Admin
		</ui:define>
	</ui:composition>

</body>
</html>




Select project, right click and select Run on Server menu

Access login.xhtml page in admin folder with following url:

http://localhost:8080/LearnJSFFrameworkWithRealApps/faces/admin/login.xhtml

Output

Test access news.xhtml page in admin folder without account with url:

http://localhost:8080/LearnJSFFrameworkWithRealApps/faces/admin/news.xhtml

Output

Test access product.xhtml page in admin folder without account with url:

http://localhost:8080/LearnJSFFrameworkWithRealApps/faces/admin/product.xhtml

Output

Test login with invalid account: username is abc and password is 123

Output

Test login with valid account: username is admin and password is 123

Output

Test access news.xhtml page in admin folder with url:

http://localhost:8080/LearnJSFFrameworkWithRealApps/faces/admin/news.xhtml

Output

Test access product.xhtml page in admin folder with url:

http://localhost:8080/LearnJSFFrameworkWithRealApps/faces/admin/product.xhtml

Output