使用JSF 2.0通过重定向实现登录的正确方法是什么? [英] What is the correct way to implement login with redirect using JSF 2.0?

问题描述

我的网站的一部分应该只能由授权用户访问.假设用户将输入属于仅限授权部分的a.html页面.

Part of my site should be accessible only to authorized users. Let's assume user would enter page a.html which belongs to the authorized-only part.

如果要使用servlet/JSP，我可以编写一个过滤器来检查用户是否已登录，如果没有登录，则将其重定向到登录页面.成功登录后，用户将被重定向到他最初想要访问的页面，在本例中为a.html. (页面地址可以存储在请求中.)

If I was to use servlets/JSP I could write a filter that checked whether user is logged in and if not - redirected him to login page. After a successful login user would be redirected to the page he wanted to reach initially, in this case a.html. (Page address could be stored in request).

在JSF 2.0中实现这种情况的正确方法是什么?

What is a proper way to implement such scenario in JSF 2.0?

推荐答案

只需使用Filter相同的方式即可.很高兴知道，JSF会话范围内的受管bean位于以HttpSession属性(以受管bean名称为键)存储的情况下.

Just do it the same way, with a Filter. It's good to know that JSF session scoped managed beans are under the covers stored as a HttpSession attribute with the managed bean name as key.

假设您拥有这样的托管bean:

Assuming that you've a managed bean like this:

@ManagedBean
@SessionScoped 
public class UserManager {

    private User user;

    // ...

    public boolean isLoggedIn() {
        return (user != null);
    }

}

然后您可以在Filter#doFilter()中对其进行检查，如下所示:

Then you can check it in Filter#doFilter() as follows:

UserManager userManager = (UserManager) ((HttpServletRequest) request).getSession().getAttribute("userManager");

if (userManager != null && userManager.isLoggedIn()) {
    chain.doFilter(request, response);
} else {
    ((HttpServletResponse) response).sendRedirect("login.xhtml");
}

这篇关于使用JSF 2.0通过重定向实现登录的正确方法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！