0

NOTE: I don't want to redirect to a custom 401 page, I just want to use the default one.

I tried following the answer in this question:

How to "throw" JSF2 404 error?

With the following code:

FacesContext facesContext = FacesContext.getCurrentInstance();
ExternalContext externalContext = facesContext.getExternalContext();
externalContext.setResponseStatus(401);
facesContext.responseComplete();

But it does not redirect at all. It just continues on.

I also tried:

externalContext.responseSendError(HttpServletResponse.SC_UNAUTHORIZED, "Page not found.");

But that did nothing either.

EDIT: I think the problem is that the redirection is not immediate. Before my code "returns" to the JSF lifecycle, it throws an exception.

Is there a way to redirect immediately rather than wait?

Community
  • 1
  • 1
wsaxton
  • 1,030
  • 15
  • 34
  • Answer depends on the timing and the exception. When exactly are you calling `sendError()`? What exception excactly did you got afterwards? – BalusC Jun 23 '15 at 12:17
  • I have a method called "getUser()" in a session-scoped bean. I'm trying to return 401 if the user is null. The problem seems to be that, if one of my JSF pages tries to access sessionBean.user.userId, it gets NPE because user is null. I would just like to return the 401 if the user value is null under ANY circumstance. – wsaxton Jun 23 '15 at 12:20
  • I should add, I attempt to populate the 'user' value during the session-scoped beans PostConstruct method and if 'user' is null, I would like to redirect then. The issue is that the first time the bean is accessed is usually when a page tries to access 'sessionBean.user.userId' so the NPE will always happen. I could try putting an empty User object in user to get around this but that does not seem ideal. – wsaxton Jun 23 '15 at 12:24
  • You're attempting to act like a request-response controller inside a getter method? – BalusC Jun 23 '15 at 12:24
  • The bean is instantiated when a page accesses "sessionBean.user.userId". During the PostConstruct method an attempt is made to populate 'user' from the datatabase (I'm reading an email address from a JNDI variable, then populated 'user' based on that). If I can't find the 'user' (ie the email address is invalid) I want to return a 401. If there is a better way to do this, I'm open to it. – wsaxton Jun 23 '15 at 12:29
  • So whether its in the getter, in the PostConstruct or wherever. If I cannot find out who the user is, at any time, I would just like the browser to display a 401. – wsaxton Jun 23 '15 at 12:31
  • Hmm, that does look similar to my issue. Doesn't that mean that every one of my pages needs to include the tag though? That's not necessarily a problem, just wondering if I could contain this to one place... – wsaxton Jun 23 '15 at 12:35
  • Canonical place for authorization checking is a servlet filter (also mentioned in that answer). – BalusC Jun 23 '15 at 12:36
  • Okay, thanks. I'm actually using a Servlet Filter already, but perhaps I'm using it in the wrong way. I will re-ask a new question, thanks. – wsaxton Jun 23 '15 at 12:38

0 Answers0