session handling in JSF 1.2

Question

How do we handle session variables (add/fetch) in JSF 1.2?

A scenario: Consider a login screen where the user logs in successfully, the user model is stored in session. The user modes contains the user role. Next time onwards, for every user action, check the user role from the user model and display the form accordingly. In such a case how to add the user odel in session and how to etrieve it every time from the session?

Previously I have worked in Struts 1.2 where in the execute method, we have a request e=which is used to get the session and access the session variables also. But I am not sure how to achieve th same in JSF 1.2.

Is the only way achieveable is to add the managed bean in the session scope in the faces-config.xml file?

Please help me out with the session handling concepts in JSF 1.2.

Answer 1

The session scope is programmatically available by ExternalContext#getSessionMap() which delegates under the covers to HttpSession#get/setAttribute() .

Map<String, Object> sessionMap = FacesContext.getCurrentInstance().getExternalContext().getSessionMap();
// ...

You can of course also just put a managed bean in the session scope. It's accessible from other managed beans by <managed-property> (or just a traversal of the session map using the managed bean name as map key).

Answer 2

I think you can use Java EE filters for this mechanism.

Filters are controlled by Servlet Container and runs first on an action depending on your web.xml order.

Add a servlet filter to your project.

public class YourFilter implements Filter {

public static final String USER = "USER_SESSION_KEY";

public void doFilter(ServletRequest req, ServletResponse response, FilterChain filterChain)
{

   HttpServletRequest request = (HttpServletRequest) req;
   HttpSession session = request.getSession(true);
       String servletpath = request.getServletPath();
if(!servletpath.contains("login.xhtml")) //exclude your login page and other pages required to pass this filter.
{
     if (session.getAttribute(USER) != null)
    {
    //Control your authentication and roles.
    }
    else
    {
    //There is no user in the session.
    }
}


    }
    filterChain.doFilter(request, response);
    }

Add your filter to your web.xml

<filter>
    <filter-name>YourFilter</filter-name>
    <filter-class>Package.YourFilter</filter-class>
</filter>
  <filter-mapping>
    <filter-name>YourFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
  </filter-mapping>

Secondly, put your User class to the session inside a JSF action.

public void userAction()
{


 User user = new User();
   //Build your User Class
  HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    request.getSession(false).setAttribute("USER", user);

}

PS : User class is a user defined POJO class. you should implement it according to your needs.

public class User
{
    private String username;
       //Other properties and getter setter methods required.

}

If you want to implement this mechanism inside JSF context. You can build the same logic by implementing JSF phase listeners .