“记住我" jsf 2.0的功能 [英] "remember me" functionality with jsf 2.0
问题描述
我正在尝试实现记住我"/自动登录"功能.我已经在客户端存储了一个cookie,但是我什么时候应该读它呢?例如,如果尝试在过滤器中执行此操作,则将无法访问用于访问数据库的应用程序范围的Bean.
I am trying to implement "remember me"/"autologin" functionality. I have stored a cookie at the client but when should I read it? If I try to do that in a filter, for example, I won't have access to my application-scoped beans which I use to access the db.
最佳做法是什么?
推荐答案
它在某种程度上取决于您当前登录名的工作方式.是容器登录后是自定义内容(例如在会话中放入一些对象)还是仅自定义内容?
It depends a little on how your current login exactly works. Is it a container login followed by custom stuff (like putting some object in the session) or only custom?
在第一种情况下,您无法完全在JSF中进行自动登录,因为只要用户尝试访问受保护的资源,容器就会启动.在这种情况下,您仍然需要在过滤器(HttpServletRequest#login)中进行容器登录.
In the first case you can't do an auto-login completely in JSF, since the container will kick-in whenever the uses tries to access a protected resource. In that case you still need to do the container login part in a Filter (HttpServletRequest#login).
对于第一种情况和第二种情况,都可以通过全局PhaseListener完成JSF部分.在这种情况下,您可以收听非常早期的事件,例如before RESTORE_VIEW.在此事件处理程序中,您可以检查会话中是否放置了任何对象以标记登录,如果不存在,请使用HttpServletRequest检查是否存在记住我" cookie,并在需要时继续登录.调用PhaseListener时,JSF可以完全运行,并且您可以访问应用程序范围的托管Bean.
For both the first and second case, the JSF part can be done via a global PhaseListener. In this case you could listen to a very early event, e.g. before RESTORE_VIEW. In this event handler, you can check the session for whatever object your put in there to flag your login, and if it's not there use the HttpServletRequest to check if there's a "remember me" cookie and proceed with the login if needed. When the PhaseListener is called, JSF is fully operational and you can access your application scoped managed beans.
如果您仅在会话中使用一个对象并且不打扰任何容器登录,则只需跳过第一部分.
If you only use an object in the session and don't bother doing any container login, then you can simply skip the first part.
p.s.
另一种选择是不将任何数据库内容放入JSF托管Bean中,因此您不需要JSF操作即可访问数据库.在Java EE应用程序中,EJB bean是替代候选对象(实际上更适合此工作).它们可以注入到您的过滤器中,并可以在JSF生命周期开始之前用于访问数据库.除了EJB bean,CDI bean也可以选择.在许多方面,无论如何,这些都是JSF托管bean的更好选择.
Another option is not to put any DB stuff in JSF managed beans, so you don't need JSF operational in order to access your DB. In a Java EE application, EJB beans are alternative candidates (and actually better suited for this job). They can be injected into your filter and used to access the DB before the JSF life-cycle starts. Next to EJB beans, CDI beans are also an option. In many ways, these are better alternatives for JSF managed beans anyway.
这篇关于“记住我" jsf 2.0的功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
