Can JSF redirect?

Question

A JSP developer learning JSF here!

In JSP I could use c:if and c:redirect to prevent access of un-authenticated users to a page by way of checking properties of a bean.

How can I achieve the same in JSF?

There is no c:redirect anymore.

I can still prevent page from rendering with c:if, but if I just redirected a user of an expired session to the login page, they can still hit Back button and see the page they were at. It will not work, but they can still see it and if they hit refresh, they will just see a blank page or whatever I will allow to render. Can I force them to stay on the login page until they properly logged back in?

Answer 1

The <c:redirect> is just the wrong tool for the job. Redirecting requests is the responsibility of the controller, not the view. This badly designed tag does therefore not exist anymore since Facelets. If you insist in homegrowing authentication, then you should be using a servlet filter.

See also:

• How to handle authentication/authorization with users in a database?
• Is there any easy way to preprocess and redirect GET requests?

Answer 2

Yes, JSF can surely do redirection, and by many tools, that the Filter is one of them. Take a look in this example : How implement a login filter in JSF?