J2EE offer different ways to check user authentication and authorization (JAAS, Apache SHIRO, Servlet Filters), often for demo software (or small ones) what you really need is a simple Session Bean as EventListener.
This ipotetic Session Bean manages user redirections between JSF views; consider this example with two views:
business.xhtml
loginform.xhtml
If a Guest user goes to http://localhost:8080/demo/business.xhtml he is gets redirected to loginform.xhtml, the Listener method save the originating URI (business.xhtml) and, if the auhentication is successful, brings the user back to the business view.
Setting the Event in view permit us to deny the access calling SessionBean.verifyUserLogin():
<f:event type="preRenderView" listener="#{SessionBean.verifyUserLogin()}"></f:event> |