@Named@RequestScopedpublic class SigninController implements Serializable {

1. @Named
2. @RequestScoped
3. public class SigninController implements Serializable {
4. private static final long serialVersionUID = 1L;
5.  
6. private String username;
7. private String password;
8. @EJB
9. private SigninBeanLocal signinBeanLocal;
10.  
11. public String login() {
12. User user = signinBeanLocal.find(username, password);
13.  
14. FacesContext context = FacesContext.getCurrentInstance();
15.  
16. if (user == null) {
17. context.addMessage("signinForm", new FacesMessage("Unknown login, try again"));
18. username = null;
19. password = null;
20. return null;
21. } else {
22. context.getExternalContext().getSessionMap().put("user", user);
23. return "index?faces-redirect=true";
24. }
25. }
26. ...
27.  
28. @WebFilter(urlPatterns={"/index.jsf"})
29. public class LoginFilter implements Filter{
30.  
31.  
32. @Override
33. public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
34.  
35. HttpServletRequest request = (HttpServletRequest) req;
36. HttpServletResponse response = (HttpServletResponse) res;
37. HttpSession session = request.getSession(false);
38. String loginURI = request.getContextPath() + "/signin.jsf";
39.  
40. boolean loggedIn = session != null && session.getAttribute("user") != null;
41. boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);
42.  
43. if (loggedIn || resourceRequest) {
44. chain.doFilter(request, response);
45. } else {
46. response.sendRedirect(loginURI);
47. }
48. }
49. }