Session expiry / ACL control phase listener

package listener;

import java.io.IOException;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import javax.servlet.http.HttpSession;

import com.ibm.commons.util.StringUtil;
import com.ibm.designer.runtime.directory.DirectoryUser;
import com.ibm.xsp.designer.context.ServletXSPContext;
import com.ibm.xsp.designer.context.XSPUrl;

import util.JSFUtil;

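/**
 * Phase listener that reacts to requests arriving after the HTTP session has
 * expired by redirecting the browser to the URL it was requesting.
 *
 * <p>
 * A role-based ACL check is kept in {@link #beforePhase(PhaseEvent)} as
 * commented-out code; see the review notes next to it before enabling it.
 *
 * @author weihang.chen
 */
public class StarterListener implements PhaseListener {

	private static final long serialVersionUID = -3758380512345263872L;

	private static final Logger LOG = Logger.getLogger(StarterListener.class
			.getName());

	/**
	 * Does nothing; all work happens in {@link #beforePhase(PhaseEvent)}.
	 *
	 * @param arg0
	 *            the phase event (unused)
	 */
	public void afterPhase(PhaseEvent arg0) {
		// intentionally empty
	}

	/**
	 * Runs the session-expiry check before the phase this listener is
	 * registered for.
	 *
	 * @param arg0
	 *            the phase event supplying the current {@link FacesContext}
	 */
	public void beforePhase(PhaseEvent arg0) {
		// SESSION EXPIRE CONTROL
		redirectIfSessionExpired(arg0.getFacesContext());

		// ACL CONTROL (disabled)
		// NOTE(review) before re-enabling the block below:
		// - WELCOMEPAGE and ROLEADMIN are not defined in this class.
		// - The loop redirects as soon as ANY role differs from ROLEADMIN, so
		// a user who holds ROLEADMIN plus another role is redirected too;
		// presumably the intent is "redirect unless ROLEADMIN is among the
		// roles" - confirm and test with multi-role users.
		// - When the context is not a ServletXSPContext or the user is not a
		// DirectoryUser, no check runs and the request continues (fail-open).
		// - getPhaseId() returns RENDER_RESPONSE, so the RESTORE_VIEW branch is
		// never reached unless the registered phase is changed; the view root
		// is typically not available yet before RESTORE_VIEW - verify that
		// getViewRoot() cannot be null there.
		// - A redirect only steers navigation; access to the data itself
		// should still be enforced by the application's ACL.
		//
		// if (arg0.getPhaseId() == PhaseId.RENDER_RESPONSE
		// || arg0.getPhaseId() == PhaseId.RESTORE_VIEW) {
		// Object localObject1;
		// Object localObject2;
		// localObject1 = JSFUtil.getVariableValue("context");
		// if (localObject1 instanceof ServletXSPContext) {
		// String requestPage = FacesContext.getCurrentInstance()
		// .getViewRoot().getViewId();
		// if (StringUtil.equals(requestPage, WELCOMEPAGE))
		// return;
		// localObject2 = ((ServletXSPContext) localObject1).getUser();
		// if (localObject2 instanceof DirectoryUser) {
		// List<?> roles = ((DirectoryUser) localObject2).getRoles();
		// if (roles.isEmpty())
		// ((ServletXSPContext) localObject1)
		// .redirectToPage(WELCOMEPAGE);
		// for (Object o : roles) {
		// if (!StringUtil.equals(o.toString(), ROLEADMIN)) {
		// ((ServletXSPContext) localObject1)
		// .redirectToPage(WELCOMEPAGE);
		// }
		// }
		// }
		// }
		// }
	}

	/**
	 * Returns the phase this listener is invoked for.
	 *
	 * @return {@link PhaseId#RENDER_RESPONSE}
	 */
	public PhaseId getPhaseId() {
		return PhaseId.RENDER_RESPONSE;
	}

	/**
	 * Redirects to the currently requested URL when the request carries
	 * parameters but has no established session.
	 *
	 * @param context
	 *            the faces context of the current request
	 */
	private void redirectIfSessionExpired(FacesContext context) {
		ExternalContext ext = context.getExternalContext();

		// getSession(false) never creates a session: null means none exists.
		HttpSession session = (HttpSession) ext.getSession(false);
		boolean newSession = (session == null) || session.isNew();

		// Heuristic: any request parameter is treated as a postback. This also
		// matches a first GET that carries query parameters on a new session.
		boolean postback = !ext.getRequestParameterMap().isEmpty();
		if (!(postback && newSession)) {
			return;
		}

		// Resolve the XPages context only when a redirect is actually needed.
		Object xspContext = JSFUtil.getVariableValue("context");
		if (!(xspContext instanceof ServletXSPContext)) {
			return;
		}
		String currentUrl = ((ServletXSPContext) xspContext).getUrl()
				.toString();
		if (!StringUtil.isNotEmpty(currentUrl)) {
			return;
		}

		try {
			// The browser re-requests the URL with GET; data posted with the
			// expired request is not replayed.
			ext.redirect(currentUrl);
		} catch (IOException e) {
			// The URL is left out of the message because its query string may
			// carry user data.
			LOG.log(Level.WARNING, "Redirect after session timeout failed", e);
		}
	}

}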



<!-- Register the phase listener in faces-config.xml (inside the <faces-config> root element); the value is the listener's fully qualified class name. -->
<lifecycle>
    <phase-listener>listener.StarterListener</phase-listener>
</lifecycle>





This phase listener covers two functional aspects:
1. It checks whether a session has expired and, if so, redirects to the current page by default.
2. Some code is commented out; you can add it back. That code only acts in two phases of the lifecycle. What it does is centralize all the ACL control in one class, instead of writing it in every individual XPage. Review the role check before re-enabling it: as written it redirects every user who holds any role other than the admin role, and WELCOMEPAGE and ROLEADMIN must be defined first. Of course, you would then also need to change the phase that the listener listens to:
public PhaseId getPhaseId() {
return PhaseId.RENDER_RESPONSE;   -----> change to PhaseId.ANY_PHASE
}

Java
weihang chen
January 9, 2013 8:09 AM

All code submitted to OpenNTF XSnippets, whether submitted as a "Snippet" or in the body of a Comment, is provided under the Apache License Version 2.0. See Terms of Use for full details.


