用户使用JSF 2.0登录 [英] User login with JSF 2.0

问题描述

我正在尝试 - 使用JSF 2.0 - 以一种巧妙的方式实现登录/记住我/注销管理。由于传统的< form action =j_security_check... 方式缺乏灵活性，我决定采用不同的路径，但我发现了一个问题。

I am trying - with JSF 2.0 - to implement in a neat way the login/remember me/logout management. Since the traditional <form action="j_security_check" ... way lacks of flexibility I decided to follow a different path, but I found a problem.

声明性安全性在应用程序服务器中通过< security-domain> 正确设置，在web.xml中通过<$ c $正确设置c>< security-constraint> ，< login-config> 和< form-login-page> 。

Declarative security is properly set both in the application server through <security-domain> and in web.xml through <security-constraint>, <login-config> and <form-login-page>.

登录页面：

<h:form id="loginForm"> 
    <h:panelGrid columns="2" cellspacing="5">
        <h:outputText value="Username" />
        <h:inputText value="#{loginBean.username}" />
        <h:outputText value="Password:" />
        <h:inputText value="#{loginBean.password}" />
        <h:outputLabel value=""/>
        <h:commandButton value="Login" action="#{loginBean.login}" />
    </h:panelGrid>      
</h:form>

简单的LoginBean＃login（）：

And the simple LoginBean#login():

public String login( )
{
    HttpServletRequest request = (HttpServletRequest)FacesContext.getCurrentInstance( ).getExternalContext( ).getRequest( );        
    try {
        request.login( username, password );
    }
    catch ( ServletException e ) {
        FacesContext.getCurrentInstance().addMessage( "Unknown login...
        return null;
    }       
    return "i_dont_know_where_you_were_going";
}

一切正常，但登录成功后我不知道知道如何将用户转发到其原始请求。由于登录页面自动插入客户端请求和任何安全资源之间，我需要一种方法来了解重定向操作的位置。 request.getRequestURL （）没有帮助，可能是因为 RequestDispatcher＃forward（）（它覆盖了请求网址）干预。你认为这是管理登录过程的适当方法？如果有，有关于问题的任何提示吗？

Everything works fine, but after a successful login I don't know how to forward the user to its original request. Since the login page is automatically interposed between the client request and "any" secured resource I need a way to understand where to redirect the action. request.getRequestURL( ) doesn't help, probably because of a RequestDispatcher#forward() (which overwrites the request url) intervention. Do you think this is an appropriate way to manage the login process? If so, any hint about the problem?

非常感谢！

推荐答案

在登录视图中添加如下行所示的内容。它会在登录时存储请求的页面。 / p>

Add something like the following line to your login view. It stores the requested page during the login.

<f:param name="redirect" value="#{requestScope['javax.servlet.forward.request_uri']}" />

然后在您的登录bean中获取请求的uri。

Then get the requested uri in your login bean.

FacesContext context = FacesContext.getCurrentInstance();
String redirect = context.getExternalContext().getRequestParameterMap().get("redirect");

添加？faces-redirect = true 到字符串并将其返回。

Add ?faces-redirect=true to the string and return it.

这篇关于用户使用JSF 2.0登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！