Is there any way in JSF which can be used to find out whether an user reached a page by the Navigation rule of the JSF or user has typed the URL directly to reach that page?
Actully I want to prevent user to go to a page directly by typing the URL for that directly in the Browser, rather I want to restrict the user to use the application navigation bar to go to an page.
There is a way: check the presence of the referer header (yes, with the misspelling).
if (externalContext.getRequestHeader("referer") == null) {
// User has most likely accessed the page by directly typing the URL.
}
or
<h:panelGroup rendered="#{empty header['referer']}">
<!-- User has most likely accessed the page by directly typing the URL. -->
</h:panelGroup>
This will however fail for users who have neatly used the link in your webpage, but are using some overzealous proxy/firewall/security software which hides the referer header altogether.
You might want to consider to make the page never directly available to users by placing it in /WEB-INF folder and using it as a conditional include which is executed by a POST request (if necessary with ajax). E.g.
<h:form>
<h:commandLink action="#{bean.showPage}" />
</h:form>
<h:panelGroup rendered="#{bean.showPage}">
<ui:include src="/WEB-INF/includes/foo.xhtml" />
</h:panelGroup>
