如何从JSF表单中进行Spring Security身份验证 [英] How can I do Spring Security authentication from within a JSF form

问题描述

我创建了一个简单的JSF登录页面，并试图将其与Spring Security集成.

I created a simple JSF login page, and I'm trying to integrate it with spring security.

这是 login.xhtml

    <h:form>

     <h:outputLabel value="User Id:" for="userId"/>

     <h:inputText id="j_username" label="User Id"
     required="true"   value="#{loginBean.name}" >

     </h:inputText>

     <h:outputLabel value="Password: "  for ="password"/>

     <h:inputSecret id="j_password" value="#{loginBean.password}" />

     <h:commandButton value="Submit" action="#{j_spring_security_check}" />

 </h:form>

但是呈现的html页面具有如下所示的内容.看一下表单操作和输入标签的名称

But the rendered html page has something like the below. Take a look at the form action and the input tag's names

表单元素

The form element

  <form id="j_idt6" name="j_idt6" method="post" 
    action="/jsfproject2/faces/login.xhtml"
       enctype="application/x-www-form-urlencoded">

和输入标签

And the input tags

   User Id:</label><input id="j_idt6:j_username" type="text"
     name="j_idt6:j_username" />

现在，我希望表单操作为/j_spring_security_check，输入框为'j_username'和j_password

Now I want form action to be /j_spring_security_check and input boxes to be 'j_username' and j_password

我们如何实现这一目标?

How can we achieve this ?

推荐答案

Spring Security有两种工作方式.

There are two options for Spring Security to work.

由于<h:form>是一个命名容器，因此它在其子代的ID前面加上指定的id或自动生成的ID，因此Spring Security希望这些ID保持未绑定状态，只是不要在ID之前添加

As <h:form> is a naming container, it prepends id of its children with the specified id, or the autogenerated id, so as Spring Security expects ids to remain unchainged, just don't prepend the ids:

 <h:form prependId="false">
     <h:outputLabel value="User Id: " for="userId" />
     <h:inputText id="j_username" label="User Id" required="true" value="#{loginBean.name}" />
     <h:outputLabel value="Password: "  for ="password" />
     <h:inputSecret id="j_password" value="#{loginBean.password}" />
     <h:commandButton value="Submit" action="#{loginBean.login}" />
</h:form>

请注意，#{j_spring_security_check}是错误的操作方法:它必须为#{loginBean.login}，并包含以下内容:

Note that #{j_spring_security_check} is a wrong action method: it needs to be #{loginBean.login} with the following contents:

public String login() {
    //do any job with the associated values that you've got from the user, like persisting attempted login, etc.
    FacesContext facesContext = FacesContext.getCurrentInstance();
    ExternalContext extenalContext = facesContext.getExternalContext();
    RequestDispatcher dispatcher = ((ServletRequest)extenalContext.getRequest()).getRequestDispatcher("/j_spring_security_check");
    dispatcher.forward((ServletRequest)extenalContext.getRequest(), (ServletResponse)extenalContext.getResponse());
    facesContext.responseComplete();
    return null;
}

基本上，您所需要做的就是调度到/j_spring_security_check并将j_username和j_password作为请求参数.

Basically, all you need to do is dispatch to /j_spring_security_check and have j_username and j_password as request parameters.

基本上，在此问题上，无需特别麻烦即可使用JSF表单，以防万一您不需要进行身份验证之外的其他事情，并且纯HTML表单足以满足Spring Security的职责.

Basically, there's no particular need to mess with JSF form on this issue, in case you don't need to do some extra things apart from authentication, and plain HTML form is sufficient for Spring Security to do its job.

<form action="/j_spring_security_check" method="POST">
    <label for="j_username">User Id: </label>
    <input id="j_username" name="j_username" type="text" />
    <label for="j_password">Password: </label>
    <input id="j_password" name="j_password" type="password"/>
    <input type="submit" value="Submit"/>
</form>

这篇关于如何从JSF表单中进行Spring Security身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！