OAuth callback in a jsf app

Question

At some point in this jsf web application, the current user is prompted to identify with Twitter via OAuth.

After the user identified on Twitter the OAUth callback url redirects to my app:

http://www.myJsfApp.com/successAuth.xhtml

But of course without a session id this successAuth.xhtml is not connected to the user session. The page is just the "raw" xhtml file (with all its tags) and no html.

How can I make this callback url to link back to the current session?

Answer 1

But of course without a session id this successAuth.xhtml is not connected to the user session.

If your servletcontainer supports URL rewriting (by default, they all do), then you can just pass the session ID as URL path fragment.

HttpSession session = (HttpSession) externalContext.getSession();
String callbackURL = "http://www.myJsfApp.com/successAuth.xhtml;jsessionid=" + session.getId();
// ...

See also:

• socialauth - can you use same session across a redirect?

---

The page is just the "raw" xhtml file (with all its tags) and no html.

That will happen when the FacesServlet isn't been invoked. The request URL must match the URL pattern of the FacesServlet in order to invoke it. So, if you have configured it to listen on for example /faces/* URLs, then you should obviously change the URL to faces/successAuth.xhtml.

HttpSession session = (HttpSession) externalContext.getSession();
String callbackURL = "http://www.myJsfApp.com/faces/successAuth.xhtml;jsessionid=" + session.getId();
// ...

Alternatively, you can also just map the FacesServlet on *.xhtml, this way you never need to fiddle with virtual URLs.

See also:

• JSF Facelets: Sometimes I see the URL is .jsf and sometimes .xhtml. Why?