使用HttpServletRequest进行JSF登录 [英] JSF Login with HttpServletRequest

问题描述

我在stackoverflow中找到了一个解决方案，该解决方案是如何使用HttpServletRequest在JSF中编写登录代码. 首先，login.xhtml:

i found a solution in stackoverflow how to code a login in JSF using HttpServletRequest. First things first, the login.xhtml:

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://java.sun.com/jsf/html">

<h:head>
    <title>Login</title>
</h:head>
<h:body>
    <h3>Login here</h3>
    <h:form id="loginForm">
        <h:outputLabel for="username" value="Username:" />
        <h:inputText value="#{loginService.userName}" id="username" requried="true" />
        <br/>
        <h:outputLabel for="password" value="Password:" />
        <h:inputSecret value="#{loginService.password}" id="password" requried="true" />
        <br/>
        <h:commandButton id="button" value="Login" action="#{loginService.doLogin}" />
        <br/>
        <h:commandLink action="#{navigationService.redirectToIndex}" value="Home" />
        <br/>
        <h:messages />
        <br/>
    </h:form>
</h:body>

loginService:

The loginService:

@Named
@SessionScoped
public class LoginService implements Serializable {

private String userName = "";
private String password = "";
@Inject
private NavigationService navigationService = null;
@Inject
private String originalURL = "";

/**
 * 
 */
@PostConstruct
public void init() {
    ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();

    this.originalURL = (String) externalContext.getRequestMap().get(RequestDispatcher.FORWARD_REQUEST_URI);

    if(this.originalURL == null) {
        this.originalURL = externalContext.getRequestContextPath() + navigationService.toIndex();
    } else {
        String originalQuery = (String) externalContext.getRequestMap().get(RequestDispatcher.FORWARD_QUERY_STRING);

        if(originalQuery != null) {
            this.originalURL += "?" + originalQuery;
        }
    }
}

/**
 * 
 * @return
 * @throws IOException 
 */
public void doLogin() throws IOException {
    FacesContext context = FacesContext.getCurrentInstance();
    ExternalContext externalContext = context.getExternalContext();
    HttpServletRequest request = (HttpServletRequest)externalContext.getRequest();

    try {
        request.login(this.userName, this.password);

        User user = dao.findUserByUserName(userName);

        externalContext.getSessionMap().put("user", user);
        externalContext.redirect(this.originalURL);
    } catch(ServletException e) {
        context.addMessage(null, new FacesMessage("Unknown login"));
    } catch (NoSuchUserException e) {
        context.addMessage(null, new FacesMessage(e.getMessage()));
    }
}

/**
 * 
 * @return
 * @throws IOException 
 */
public void doLogout() throws IOException {
    ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();

    externalContext.invalidateSession();
    externalContext.redirect(externalContext.getRequestContextPath() + navigationService.toLogin());
}

// Getters and Setters
}

我现在唯一需要知道的是:

The only thing i still need to know is now:

我在哪里可以定义哪些页面需要登录?

Where can i define for which pages login is needed?

推荐答案

建议的解决方案是:将所有需要记录的页面放在一个位置(文件夹，例如:"private_section")，而不需要的页面放在一个位置. (公共访问)应放在项目上下文中的任何位置，文件夹"private_section"下除外.然后，您可以使用简单的过滤器来控制对私有区域(对我们文件夹的访问)的访问，并通过此模式(第一个注释)可以指定要控制的区域:

A suggested solution is: putting all the pages requiring logging under one place (folder, ex: "private_section"), and the pages that don't need it (public access) are to be put wherever in the project context except under the folder "private_section". Then you can use a simple filter to control accessing to the private region (to our folder), and through this pattern (first annotation) you can specify the region to be controlled :

// imports    

@WebFilter("/private_section/*")
public class LoggingFilter implements Filter {


@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest)request;
    HttpServletResponse res = (HttpServletResponse)response;
    UserBean user = (UserBean) req.getSession().getAttribute("user");         
    if (user != null && user.isLoggedIn()){
            chain.doFilter(request,response);
    }  
    else res.sendRedirect(req.getContextPath()+"/index.xhtml");
}

// other overriden methods

这篇关于使用HttpServletRequest进行JSF登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！