jsf上下文创建 [英] jsf context creation
问题描述
我在这里遇到Java Web项目的问题.我正在处理的项目是将标准的jsp与jsf页面混合而成的. 应用程序的主页,称为main.jsp,是一个标准的jsp页面,该页面需要访问具有在servlet过滤器中创建的会话范围的托管bean,该servlet过滤器用于检查用户的身份验证. 在我的web.xml中,我设置了face引擎必须响应.jsf和/faces/*请求
I'm here facing a problem with a Java web project. The project I'm working on has been made with standard jsp mixed up with jsf pages. The main page of the application, called main.jsp is a standard jsp page that needs to access a managed bean with session scope created within a servlet filter used to check the authentication of the user. In my web.xml I have set up that faces engine must respond to .jsf and /faces/* request
<filter-mapping>
<filter-name>extensionsFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>extensionsFilter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
如果使用http//myserver/myapp/faces/main.jsp
打开我的应用程序,则一切正常.
如果使用http://myserver/myapp/main.jsp
打开我的应用程序,则会出现错误,因为尚未创建faces上下文.
当用户在浏览器中简单地输入h ** p://myserver/myapp时,既不设置欢迎页面也不设置apache重定向,我能够让应用程序打开正确的页面(faces上下文中的main.jsp):这是因为/faces/main.jsp页面实际上不存在.
If I open my application with http//myserver/myapp/faces/main.jsp
everything works fine.
If I open my application with http://myserver/myapp/main.jsp
I'll get an error because the faces context hasn't been created yet.
Neither setting the welcome page nor setting the apache redirect I'm able to let the application open the right page (main.jsp within the faces context) when the users simply type h**p://myserver/myapp on their browsers: that's because the page /faces/main.jsp phisically doesn't exist.
我想可能有两种解决方案:即使在/faces/*模式之外也可以让faces上下文开始,或者找到一种方法来让tomcat重定向到/faces/main.jsp,即使页面没有存在...但是我尝试的所有尝试都失败了.
I guess there could be 2 solution: being able to let the faces context start even outside the /faces/* pattern, or find a way to let tomcat redirect to /faces/main.jsp even if the page doesn't exist... but I failed everything I tried.
推荐答案
只需不要通过 http://myserver/myapp/main.jsp ,而是通过 http://myserver/myapp/faces/main.jsp 或(首选) http://myserver/myapp/main.jsf .
Just do not open your application by http://myserver/myapp/main.jsp, but rather by http://myserver/myapp/faces/main.jsp or (more preferred) http://myserver/myapp/main.jsf.
如果您整个担心的是最终用户不应该访问FacesServlet
的url-pattern
之外的JSP页面(否则这个问题就没有多大意义了;)),然后选择web.xml
上添加security-constraint
,其中*.jsp
模式上的auth-constraint
为空.应当注意,最终用户将无法直接请求*.jsp
URL.
If your whole concern is that the endusers shouldn't be able to access the JSP pages outside the url-pattern
of the FacesServlet
(else this question would not make much sense ;) ), then go for the *.jsf
pattern and add a security-constraint
with an empty auth-constraint
on *.jsp
pattern to the web.xml
. This should take care that the endusers won't be able to request *.jsp
URL's directly.
<security-constraint>
<display-name>Restrict direct access to JSP files</display-name>
<web-resource-collection>
<web-resource-name>JSP files</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint />
</security-constraint>
在使用/faces/*
映射时,这不可能直接实现.我也会在web.xml
中删除它.
This is not directly possible when you're using /faces/*
mapping. I'd get rid of it in web.xml
as well.
此外,要覆盖正在键入 http://myserver/myapp 的最终用户,只需将main.jsf
定义为web.xml
中的welcome-file
并摆脱其他已定义的欢迎文件.但是,在Tomcat(可能还有其他servlet容器)中,您需要创建一个具有正确名称的空文件,以欺骗该文件在磁盘上的服务器.
Further, to cover endusers who are typing http://myserver/myapp, then just define main.jsf
as welcome-file
in web.xml
and get rid of the other definied welcome files. In Tomcat (and possibly also other servletcontainers) you'll however need to create an empty file with exactly that name to fool the server that the file exists on disk.
这篇关于jsf上下文创建的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!