JSF是否支持基于表单的安全性 [英] Does JSF support form based security
问题描述
我遵循了本教程 安全性在本教程中,提到为基于表单的表单添加类似的内容安全性
I followed this tutorial securityIn this tutorial it is mentioned that add something like this for form based security
<form action="j_security_check" method=post>
<p>username: <input type="text" name="j_username"></p>
<p>password: <input type="password" name="j_password"></p>
<p><input type="submit" value="submit"></p>
</form>
但是在JSF表单中,我在h:form中没有任何动作属性,我将其设置为 j_security_check .在JSF中使用j_username和j_password还必须使用以提供基于表单的安全性吗?
But in JSF form i have no action attributr in h:form, which i set to j_security_check. Also use of j_username and j_password is also necessary to use in JSF to provide form based security?
谢谢
推荐答案
Yes, this action URL and field names are mandatory for form based authentication. This is specified in the servlet specification. You can just use it as-is in a JSF page. The only difference is that the form submit and authentication is fully handled by the container, not by JSF. You don't need to worry about this.
但是,如果您希望对表单提交过程进行更精细的控制,或者想要利用JSF内置的验证和Ajax功能等,那么您始终可以通过 HttpServletRequest#login()
.身份验证仍由容器处理.
If you however want more finer grained control over the form submit process, or want to utilize JSF builtin validation and ajax powers and so on, then you can always takeover it by programmatic authentication in a JSF managed bean. For this you have to use HttpServletRequest#login()
in the action method. The authentication is still handled by the container.
例如
<h:form>
<h:inputText value="#{login.username}" required="true" />
<h:inputSecret value="#{login.password}" required="true" />
<h:commandButton value="login" action="#{login.submit}">
<f:ajax execute="@form" render="@form" />
</h:commandButton>
<h:messages />
</h:form>
使用
public String submit() {
FacesContext context = FacesContext.getCurrentInstance();
HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
try {
request.login(username, password);
return "home?faces-redirect-true";
} catch (ServletException e) {
context.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unknown login", null));
return null;
}
}
这篇关于JSF是否支持基于表单的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!