JSF HTTP Session Login

Problem description

I try to create a login form in a web application. In a JSP page I can use

<%
   String name = request.getParameter( "username" );
   session.setAttribute( "theName", name );
%>

But now I am using JSF/Facelets for the web application. I don't know how to create a session in a JSF backing bean for the client and check if the user is logged in or not, so that it will redirect to the login page. Who can help me and give me a link to a tutorial for this problem? Thank you in advance.

Now I have a little problem with mapping into web.xml. Code snippet of the Filter class:

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    this.config = filterConfig;
}

@Override
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    LoginController controller = (LoginController) req.getSession()
            .getAttribute("loginController");
    if (controller == null || !controller.isLoggedIn()) {
        res.sendRedirect("../admin/login.xhtml");
    } else {
        chain.doFilter(request, response);
    }
}

and in web.xml I use the <filter> tag

<filter>
    <filter-name>userLoginFilter</filter-name>
    <filter-class>com.mcgraw.controller.UserLoginFilter</filter-class>
    <init-param>
        <param-name>loginPage</param-name>
        <param-value>/login.xhtml</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>userLoginFilter</filter-name>
    <url-pattern>/admin/*</url-pattern>
</filter-mapping>

I have one folder, admin, in the web project, and I check that a user who is not logged in with admin permission cannot access the page (I can do the permission check), but when I use the filter the browser doesn't understand the URL. No stack trace is shown when the browser doesn't understand the URL.

Error shown on Firefox:

The page isn't redirecting properly

On IE it is loading ... loading ... non-stop.

Now I change the condition to check if req.getPathInfo.startsWith("/login.xhtml"), and then it will do chain.

I have 2 ideas, but it responds with a 500 HTTP status:

if (controller == null || !controller.isLoggedIn()) {
    res.sendRedirect("../admin/login.xhtml");
    if (req.getPathInfo().startsWith("/login.xhtml")) {
        chain.doFilter(request, response);
    }
} else {
    chain.doFilter(request, response);
}

===============

if (controller == null || !controller.isLoggedIn()) {
    if (!req.getPathInfo().startsWith("/login.xhtml")) {
        res.sendRedirect("../admin/login.xhtml");
    } else {
        chain.doFilter(request, response);
    }
} else {
    chain.doFilter(request, response);
}

====================== update Class loginController

package com.mcgraw.controller;

import com.DAO.UserBean;
import com.entity.IUser;
import java.io.Serializable;
import javax.ejb.EJB;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;

/**
 * @author Kency
 */
@ManagedBean
@SessionScoped
public class LoginController implements Serializable {

    @EJB
    private UserBean userBean;
    private IUser user;
    private boolean admin;
    private boolean mod;
    private PasswordService md5;

    /** Creates a new instance of LoginController */
    public LoginController() {
        user = new IUser();
        md5 = new PasswordService();
    }

    // getter / setter
    public boolean isMod() {
        return mod;
    }

    public void setMod(boolean mod) {
        this.mod = mod;
    }

    public IUser getUser() {
        return user;
    }

    public void setUser(IUser user) {
        this.user = user;
    }

    public boolean isAdmin() {
        return admin;
    }

    public void setAdmin(boolean admin) {
        this.admin = admin;
    }

    public String cplogin() {
        String md5Password = md5.md5Password(user.getPassword());
        if (userBean.userLogin(user.getUsername(), md5Password) != null) {
            if (user.getUsername() != null || md5Password != null) {
                user = userBean.userLogin(user.getUsername(), md5Password);
                if (user.getGroups().getAdmin() != null) {
                    setAdmin(user.getGroups().getAdmin());
                }
                if (user.getGroups().getMods() != null) {
                    setMod(user.getGroups().getMods());
                }
                if (isAdmin() == true || isMod() == true) {
                    return "home";
                } else {
                    return "login";
                }
            } else {
                return "login";
            }
        } else {
            return "login";
        }
    }

    public String logout() {
        user = null;
        return "login";
    }

    public boolean isLoggedIn() {
        return user != null;
    }
}

I have a new problem: if I render a JSF taglib with the method loggedIn in the index page (not in the admin folder), a user who isn't logged in can see what I render. Example: <== like this; if the user isn't logged in, the user can't see it, but why can he see it?

Recommended answer

You can in JSF get/set HTTP session attributes via ExternalContext#getSessionMap() which is basically a wrapper around HttpSession#get/setAttribute().

@Named
@RequestScoped
public class LoginController {

    private String username;
    private String password;

    @EJB
    private UserService userService;

    public String login() {
        User user = userService.find(username, password);
        FacesContext context = FacesContext.getCurrentInstance();

        if (user == null) {
            context.addMessage(null, new FacesMessage("Unknown login, try again"));
            username = null;
            password = null;
            return null;
        } else {
            context.getExternalContext().getSessionMap().put("user", user);
            return "userhome?faces-redirect=true";
        }
    }

    public String logout() {
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        return "index?faces-redirect=true";
    }

    // ...
}

In the Facelets page, just bind the username and password input fields to this bean and invoke login() action accordingly.

<h:form>
    <h:inputText value="#{loginController.username}" />
    <h:inputSecret value="#{loginController.password}" />
    <h:commandButton value="login" action="#{loginController.login}" />
</h:form>

Session attributes are directly accessible in EL. A session attribute with name user is in EL available as #{user}. When testing if the user is logged in some rendered attribute, just check if it's empty or not.

<h:panelGroup rendered="#{not empty user}">
    <p>Welcome, #{user.fullName}</p>
    <h:form>
        <h:commandButton value="logout" action="#{loginController.logout}" />
    </h:form>
</h:panelGroup>

The logout action basically just trashes the session.

As to checking an incoming request if a user is logged in or not, just create a Filter which does roughly the following in the doFilter() method:

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {    
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    HttpSession session = request.getSession(false);
    String loginURI = request.getContextPath() + "/login.xhtml";

    boolean loggedIn = session != null && session.getAttribute("user") != null;
    boolean loginRequest = request.getRequestURI().equals(loginURI);
    boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);

    if (loggedIn || loginRequest || resourceRequest) {
        chain.doFilter(request, response);
    } else {
        response.sendRedirect(loginURI);
    }
}

Map it on a url-pattern covering the restricted pages, e.g. /secured/*, /app/*, etc.

  • How to handle authentication/authorization with users in a database?
  • Authorization redirect on session expiration does not work on submitting a JSF form, page stays the same
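
A complete filter for the question's /admin/* mapping, as an added example that is not code from the question or the answer: it reads the loginPage init-param that the question's web.xml declares, matches on the container-resolved servlet path instead of the raw request URI, and redirects to a context-rooted URL. It assumes the javax.* Servlet and JSF APIs, that login stores the user session attribute as in the answer, and that loginPage holds the login page's real context-relative path (for example /admin/login.xhtml, which the question's redirect targets).

```java
package com.mcgraw.controller; // package name taken from the question's web.xml

import java.io.IOException;
import javax.faces.application.ResourceHandler;
import javax.servlet.*;
import javax.servlet.http.*;

public class UserLoginFilter implements Filter {

    private String loginPage; // context-relative path from <init-param> loginPage

    @Override
    public void init(FilterConfig config) throws ServletException {
        loginPage = config.getInitParameter("loginPage");
        if (loginPage == null || !loginPage.startsWith("/")) {
            throw new ServletException("init-param loginPage must start with '/'");
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Path as the container resolved it for servlet mapping, not the raw request URI.
        String path = request.getServletPath()
                + (request.getPathInfo() == null ? "" : request.getPathInfo());
        HttpSession session = request.getSession(false); // never create a session here

        boolean loggedIn = session != null && session.getAttribute("user") != null;
        boolean loginRequest = path.equals(loginPage);
        boolean resourceRequest = path.startsWith(ResourceHandler.RESOURCE_IDENTIFIER + "/");

        if (loggedIn || loginRequest || resourceRequest) {
            chain.doFilter(request, response); // exactly one outcome per request
        } else {
            // Context-rooted target; a relative "../admin/login.xhtml" depends on the current URL.
            response.sendRedirect(request.getContextPath() + loginPage);
        }
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

The check uses the user attribute, which the answer's login() sets only after a successful lookup. The question's isLoggedIn() is not a usable signal here: its constructor assigns new IUser(), so user != null holds for every session that has instantiated the bean until logout() runs, which is also why the rendered check in the question's index page shows content to visitors who never logged in.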
