JSF的过滤掉不初始重定向后重定向 [英] JSF Filter not redirecting After Initial Redirect
本文介绍了JSF的过滤掉不初始重定向后重定向的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我试图安装一个web过滤器,需要一些帮助。我的过滤器正常工作的初始登录但是当会话超时,我点击任何链接,它激发我的重定向语句,但在浏览器中的网页永远不会被重定向。任何人都可以帮助这个问题?大部分AP preciated。
过滤器
/ *
*要改变这种模板,选择Tools |模板
*并打开编辑器的模板。
* /
包SRC;进口java.io.IOException异常;
进口javax.faces.application.NavigationHandler;
进口javax.faces.context.FacesContext;
进口javax.servlet.Filter的;
进口javax.servlet.FilterChain;
进口javax.servlet.FilterConfig;
进口javax.servlet.ServletException;
进口javax.servlet.ServletRequest;
进口javax.servlet.ServletResponse;
进口javax.servlet.annotation.WebFilter;
进口javax.servlet.http.HttpServletRequest;
进口javax.servlet.http.HttpServletResponse;
进口的javax.servlet.http.HttpSession;/ **
*
* @author伯纳德
* /
@WebFilter(FILTERNAME =LoginFilter,URL模式= {/ *})
公共类LoginFilter实现过滤器{ //一个FilterConfig FC; @覆盖
公共无效的init(一个FilterConfig一个FilterConfig)抛出了ServletException {
// FC =一个FilterConfig;
} @覆盖
公共无效的doFilter(ServletRequest中要求,ServletResponse的响应,FilterChain链)抛出IOException异常,ServletException异常{
HttpServletRequest的REQ =(HttpServletRequest的)请求;
HttpServletResponse的解析度=(HttpServletResponse的)响应;
HttpSession的会议= req.getSession(真);
。字符串pageRequested = req.getRequestURL()的toString();
布尔认证=(布尔)session.getAttribute(验证); 如果(认证== NULL){
验证= FALSE;
}
如果(认证和放大器;!&安培;!pageRequested.contains(登录)){
res.setStatus(301);
res.sendRedirect(req.getContextPath()+/login/login.xhtml);
}其他{
chain.doFilter(请求响应);
}
} @覆盖
公共无效的destroy(){
// FC = NULL;
}
}
faces-config.xml中
< XML版本='1.0'编码='UTF-8'&GT?;<! - ===========完整配置文件=============================== === - ><面孔,配置版本=2.1
的xmlns =http://java.sun.com/xml/ns/javaee
XMLNS:XSI =http://www.w3.org/2001/XMLSchema-instance
XSI:的schemaLocation =http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd\"> <导航规则>
<从-view-id的> / *< /从-view-id的> <导航功能的情况下,>
<从-结果>成功与LT; /从-结果>
&LT;要-view-id的&GT; /index.xhtml< /为-view-id的&GT;
&LT;重定向/&GT;
&LT; /导航情况&GT; &LT;导航功能的情况下,&GT;
&LT;从-结果&GT;衰竭及LT; /从-结果&GT;
&LT;要-view-id的&GT; /login/login.xhtml< /为-view-id的&GT;
&LT;重定向/&GT;
&LT; /导航情况&GT;
&LT; /导航规则&GT;
&LT; /面孔,配置&GT;
的web.xml
&LT;?XML版本=1.0编码=UTF-8&GT?;
&LT; web-app的版本=3.0的xmlns =http://java.sun.com/xml/ns/javaee的xmlns:XSI =http://www.w3.org/2001/XMLSchema-instance XSI:的schemaLocation =http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd\">
&LT;的context-param&GT;
&LT;参数-名称&gt;&javax.faces.PROJECT_STAGE LT; /参数 - 名称&gt;
&LT;参数值&GT;发展与LT; /参数值&GT;
&LT; /的context-param&GT;
&LT;&servlet的GT;
&LT; servlet的名称&gt;&FacesServlet的LT; / servlet的名称&gt;
&LT;的servlet类&GT; javax.faces.webapp.FacesServlet&LT; / servlet的类&GT;
&所述;负载上启动→1&下; /负载上启动&GT;
&LT; / servlet的&GT;
&LT; Servlet映射&GT;
&LT; servlet的名称&gt;&FacesServlet的LT; / servlet的名称&gt;
&LT; URL模式&GT; * XHTML&LT; / URL模式&GT;
&LT; / Servlet映射&GT;
&LT;会话配置&GT;
&LT;会话超时&GT;
三十
&LT; /会话超时&GT;
&LT; /会话配置&GT;
&LT;欢迎-文件列表&gt;
&LT;欢迎-文件&gt; /index.xhtml< /欢迎-文件&gt;
&LT; /欢迎-文件列表&gt;
&所述;滤光器&gt;
&LT;过滤器名称&gt;&限制LT; /过滤器名称&gt;
&LT;过滤器类和GT; src.LoginFilter&LT; /过滤器类&GT;
&LT; /滤光器&gt;
&LT;过滤器映射&GT;
&LT;过滤器名称&gt;&限制LT; /过滤器名称&gt;
&LT; URL模式&GT; / *&LT; / URL模式&GT;
&LT; /过滤器映射&GT;
&LT; / web-app的&GT;
身份验证豆
/ *
*要改变这种模板,选择Tools |模板
*并打开编辑器的模板。
* /
包SRC;进口java.math.BigInteger的;
进口java.security.MessageDigest中;
进口java.security.NoSuchAlgorithmException;
进口的java.util.Map;
进口java.util.logging.Level中;
进口java.util.logging.Logger中;
进口javax.faces.bean.ManagedBean;
进口javax.faces.bean.SessionScoped;
进口javax.faces.context.ExternalContext;
进口javax.faces.context.FacesContext;
进口javax.servlet.ServletRequest;
进口javax.servlet.http.HttpServletRequest;
进口的javax.servlet.http.HttpSession;/ **
*
* @author伯纳德
* /
@ManagedBean
@SessionScoped
公共Authenticator类{ 私人字符串用户名;
私人字符串密码; 公共字符串getUsername(){
返回用户名;
} 公共无效setUsername(字符串username){
this.username =用户名;
} 公共字符串getPassword来(){
返回密码;
} 公共无效setPassword(字符串密码){
this.password =密码;
} 公共字符串的authenticateUser(ServletRequest中要求){
HttpServletRequest的REQ =(HttpServletRequest的)请求;
HttpSession的会议= req.getSession(真);
session.setMaxInactiveInterval(30);
布尔认证=(布尔)session.getAttribute(验证); 数据库PGDATABASE =新的数据库();
联系foundAdmin = NULL;
尝试{
foundAdmin =(行政)pgDatabase.findAdminByUsername(用户名);
}赶上(ClassNotFoundException的前){
。Logger.getLogger(Authenticator.class.getName())日志(Level.SEVERE,空,前);
} 联系currentAdmin =新的管理员();
currentAdmin.userName =用户名;
currentAdmin.password = this.hashPassword((密码));
如果(认证= NULL&放大器;!&安培;!验证=真){
如果(foundAdmin!= NULL){
如果(currentAdmin.equals(foundAdmin)){
验证= TRUE;
session.setAttribute(认证,真正的);
返回成功;
}其他{
验证= FALSE;
session.setAttribute(认证,FALSE);
返回失败;
}
}其他{
验证= FALSE;
session.setAttribute(认证,FALSE);
返回失败;
}
}其他{
session.setAttribute(认证,真正的);
验证= TRUE;
返回成功;
}
} 公共字符串退出(){
FacesContext中CTX = FacesContext.getCurrentInstance();
的ExternalContext extCtx = ctx.getExternalContext();
地图&LT;弦乐,对象&gt; sessionMap = extCtx.getSessionMap();
sessionMap.put(认证,FALSE);
返回失败;
} 公共字符串hashPassword(字符串passwordToHash){
字符串hashword = NULL;
尝试{
消息摘要MD5 = MessageDigest.getInstance(MD5);
md5.update(password.getBytes());
的BigInteger散列=新的BigInteger(1,md5.digest());
hashword = hash.toString(16);
}赶上(抛出:NoSuchAlgorithmException nsae){
}
返回hashword;
}
}
解决方案
您过滤器看起来不错(除了极弱 url.contains(登录)测试在2种方式不正确试图将响应状态设置为301,并检查登录用户的有点差的方式)。
我觉得你的具体问题造成你正在执行由AJAX链接,而不是正常的链接导览树状图。你不能在一个Ajax响应发送重定向这种方式。无论是JSF的Ajax引擎,也不是web浏览器是继JSF Ajax响应302重定向。客户端与它完全忽略Ajax响应。
相反,你应该送它指示JSF AJAX引擎发送重定向一个特殊的XML响应。这正是XML响应,在被送往当JSF上下文的<一个内href=\"http://docs.oracle.com/javaee/6/api/javax/faces/context/ExternalContext.html#redirect%28java.lang.String%29\"><$c$c>ExternalContext#redirect()一个Ajax请求过程中被使用。
&LT;?XML版本=1.0编码=UTF-8&GT?;
&所述;部分响应&GT;
&LT;重定向URL =/ contextPath中/登录/ login.xhtml&GT;&LT; /重定向&GT;
&LT; /部分响应&GT;
在Servlet过滤器,你应该这样首先检查请求涉及一个JSF Ajax请求,如果是这样,则返回上面的XML响应,否则只调用 HttpServletResponse的#的sendRedirect()通常的方式。您可以通过检查面请求做请求头是present和等于部分/ AJAX
如果(分/ AJAX.equals(request.getHeader(面孔请求))){
//这是一个JSF Ajax请求。
}
所以,所有的一切,你的的doFilter()现在应该是这样的:
字符串loginURL = req.getContextPath()+/login/login.xhtml如果(认证和放大器;!&安培;!req.getRequestURI()等于(loginURL)){
如果(分/ AJAX.equals(request.getHeader(面孔请求))){
res.setContentType(文/ XML);
res.getWriter()
.append(&下; XML版本= \\1.0 \\编码= \\UTF-8 \\&GT;?)
.printf(&LT;部分响应&GT;&LT;重定向URL = \\%s \\的&GT;&LT; /重定向&GT;&LT; /部分响应&gt;中,loginURL);
}其他{
res.sendRedirect(loginURL);
}
}其他{
chain.doFilter(请求响应);
}
I am trying to setup a webfilter and need some help. My filter works fine on the initial login but when the session has timed out, and I click on any link, it fires my redirect statement but the webpage in the browser never gets redirected. Can anyone assist with this issue? Much appreciated.
Filter
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package src;
import java.io.IOException;
import javax.faces.application.NavigationHandler;
import javax.faces.context.FacesContext;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
*
* @author Bernard
*/
@WebFilter(filterName = "LoginFilter", urlPatterns = {"/*"})
public class LoginFilter implements Filter {
//FilterConfig fc;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//fc = filterConfig;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
String pageRequested = req.getRequestURL().toString();
Boolean authenticated = (Boolean) session.getAttribute("authenticated");
if (authenticated == null) {
authenticated = false;
}
if (!authenticated && !pageRequested.contains("login")) {
res.setStatus(301);
res.sendRedirect(req.getContextPath() + "/login/login.xhtml");
} else {
chain.doFilter(request, response);
}
}
@Override
public void destroy() {
//fc = null;
}
}
Faces-config.xml
<?xml version='1.0' encoding='UTF-8'?>
<!-- =========== FULL CONFIGURATION FILE ================================== -->
<faces-config version="2.1"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd">
<navigation-rule>
<from-view-id>/*</from-view-id>
<navigation-case>
<from-outcome>success</from-outcome>
<to-view-id>/index.xhtml</to-view-id>
<redirect/>
</navigation-case>
<navigation-case>
<from-outcome>failure</from-outcome>
<to-view-id>/login/login.xhtml</to-view-id>
<redirect/>
</navigation-case>
</navigation-rule>
</faces-config>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>FacesServlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>FacesServlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>/index.xhtml</welcome-file>
</welcome-file-list>
<filter>
<filter-name>restrict</filter-name>
<filter-class>src.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>restrict</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
Authenticate Bean
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package src;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/**
*
* @author Bernard
*/
@ManagedBean
@SessionScoped
public class Authenticator {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String authenticateUser(ServletRequest request) {
HttpServletRequest req = (HttpServletRequest) request;
HttpSession session = req.getSession(true);
session.setMaxInactiveInterval(30);
Boolean authenticated = (Boolean) session.getAttribute("authenticated");
Database pgDatabase = new Database();
Admin foundAdmin = null;
try {
foundAdmin = (Admin) pgDatabase.findAdminByUsername(username);
} catch (ClassNotFoundException ex) {
Logger.getLogger(Authenticator.class.getName()).log(Level.SEVERE, null, ex);
}
Admin currentAdmin = new Admin();
currentAdmin.userName = username;
currentAdmin.password = this.hashPassword((password));
if (authenticated != null && authenticated != true) {
if (foundAdmin != null) {
if (currentAdmin.equals(foundAdmin)) {
authenticated = true;
session.setAttribute("authenticated", true);
return "success";
} else {
authenticated = false;
session.setAttribute("authenticated", false);
return "failure";
}
} else {
authenticated = false;
session.setAttribute("authenticated", false);
return "failure";
}
} else {
session.setAttribute("authenticated", true);
authenticated = true;
return "success";
}
}
public String logOut() {
FacesContext ctx = FacesContext.getCurrentInstance();
ExternalContext extCtx = ctx.getExternalContext();
Map<String, Object> sessionMap = extCtx.getSessionMap();
sessionMap.put("authenticated", false);
return "failure";
}
public String hashPassword(String passwordToHash) {
String hashword = null;
try {
MessageDigest md5 = MessageDigest.getInstance("MD5");
md5.update(password.getBytes());
BigInteger hash = new BigInteger(1, md5.digest());
hashword = hash.toString(16);
} catch (NoSuchAlgorithmException nsae) {
}
return hashword;
}
}
解决方案
Your filter looks fine (apart from the very weak url.contains("login") test and the in 2 ways incorrect attempt to set the response status to 301 and the a bit poor way of checking a logged-in user).
I think that your concrete problem is caused that you're performing navigaiton by ajax links instead of normal links. You can't send a redirect on an ajax response this way. Neither the JSF ajax engine nor the webbrowser follows 302 redirects on JSF ajax responses. The client ends up with an ajax response which is totally ignored.
Instead, you should be sending a special XML response which instructs the JSF ajax engine to send a redirect. It's exactly that XML response as is been sent when inside the JSF context the ExternalContext#redirect() is been used during an ajax request.
<?xml version="1.0" encoding="UTF-8"?>
<partial-response>
<redirect url="/contextpath/login/login.xhtml"></redirect>
</partial-response>
Inside the servlet filter, you should thus first check if the request concerns a JSF ajax request and if so, then return the above XML response, otherwise just invoke HttpServletResponse#sendRedirect() the usual way. You can do that by checking if the Faces-Request request header is present and equals to partial/ajax.
if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
// It's a JSF ajax request.
}
So, all with all, your doFilter() should look now like this:
String loginURL = req.getContextPath() + "/login/login.xhtml";
if (!authenticated && !req.getRequestURI().equals(loginURL)) {
if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
res.setContentType("text/xml");
res.getWriter()
.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>")
.printf("<partial-response><redirect url=\"%s\"></redirect></partial-response>", loginURL);
} else {
res.sendRedirect(loginURL);
}
} else {
chain.doFilter(request, response);
}
这篇关于JSF的过滤掉不初始重定向后重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
