JSF 过滤器在初始重定向后不重定向 [英] JSF Filter not redirecting After Initial Redirect
问题描述
我正在尝试设置网络过滤器,需要一些帮助.我的过滤器在初始登录时工作正常,但是当会话超时并且我单击任何链接时,它会触发我的重定向语句,但浏览器中的网页永远不会被重定向.任何人都可以协助解决这个问题吗?非常感谢.
I am trying to setup a webfilter and need some help. My filter works fine on the initial login but when the session has timed out, and I click on any link, it fires my redirect statement but the webpage in the browser never gets redirected. Can anyone assist with this issue? Much appreciated.
过滤器
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package src;
import java.io.IOException;
import javax.faces.application.NavigationHandler;
import javax.faces.context.FacesContext;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
*
* @author Bernard
*/
@WebFilter(filterName = "LoginFilter", urlPatterns = {"/*"})
public class LoginFilter implements Filter {
//FilterConfig fc;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//fc = filterConfig;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
String pageRequested = req.getRequestURL().toString();
Boolean authenticated = (Boolean) session.getAttribute("authenticated");
if (authenticated == null) {
authenticated = false;
}
if (!authenticated && !pageRequested.contains("login")) {
res.setStatus(301);
res.sendRedirect(req.getContextPath() + "/login/login.xhtml");
} else {
chain.doFilter(request, response);
}
}
@Override
public void destroy() {
//fc = null;
}
}
Faces-config.xml
Faces-config.xml
<?xml version='1.0' encoding='UTF-8'?>
<!-- =========== FULL CONFIGURATION FILE ================================== -->
<faces-config version="2.1"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd">
<navigation-rule>
<from-view-id>/*</from-view-id>
<navigation-case>
<from-outcome>success</from-outcome>
<to-view-id>/index.xhtml</to-view-id>
<redirect/>
</navigation-case>
<navigation-case>
<from-outcome>failure</from-outcome>
<to-view-id>/login/login.xhtml</to-view-id>
<redirect/>
</navigation-case>
</navigation-rule>
</faces-config>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>FacesServlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>FacesServlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>/index.xhtml</welcome-file>
</welcome-file-list>
<filter>
<filter-name>restrict</filter-name>
<filter-class>src.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>restrict</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
验证 Bean
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package src;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/**
*
* @author Bernard
*/
@ManagedBean
@SessionScoped
public class Authenticator {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String authenticateUser(ServletRequest request) {
HttpServletRequest req = (HttpServletRequest) request;
HttpSession session = req.getSession(true);
session.setMaxInactiveInterval(30);
Boolean authenticated = (Boolean) session.getAttribute("authenticated");
Database pgDatabase = new Database();
Admin foundAdmin = null;
try {
foundAdmin = (Admin) pgDatabase.findAdminByUsername(username);
} catch (ClassNotFoundException ex) {
Logger.getLogger(Authenticator.class.getName()).log(Level.SEVERE, null, ex);
}
Admin currentAdmin = new Admin();
currentAdmin.userName = username;
currentAdmin.password = this.hashPassword((password));
if (authenticated != null && authenticated != true) {
if (foundAdmin != null) {
if (currentAdmin.equals(foundAdmin)) {
authenticated = true;
session.setAttribute("authenticated", true);
return "success";
} else {
authenticated = false;
session.setAttribute("authenticated", false);
return "failure";
}
} else {
authenticated = false;
session.setAttribute("authenticated", false);
return "failure";
}
} else {
session.setAttribute("authenticated", true);
authenticated = true;
return "success";
}
}
public String logOut() {
FacesContext ctx = FacesContext.getCurrentInstance();
ExternalContext extCtx = ctx.getExternalContext();
Map<String, Object> sessionMap = extCtx.getSessionMap();
sessionMap.put("authenticated", false);
return "failure";
}
public String hashPassword(String passwordToHash) {
String hashword = null;
try {
MessageDigest md5 = MessageDigest.getInstance("MD5");
md5.update(password.getBytes());
BigInteger hash = new BigInteger(1, md5.digest());
hashword = hash.toString(16);
} catch (NoSuchAlgorithmException nsae) {
}
return hashword;
}
}
推荐答案
你的过滤器看起来不错(除了非常弱的 url.contains("login") 测试和两种方式的错误尝试将响应状态设置为 301 和检查登录用户的方式有点差).
Your filter looks fine (apart from the very weak url.contains("login") test and the in 2 ways incorrect attempt to set the response status to 301 and the a bit poor way of checking a logged-in user).
我认为您的具体问题是由于您通过 ajax 链接而不是普通链接执行导航.您不能以这种方式在 ajax 响应上发送重定向.JSF ajax 引擎和 webbrowser 都不遵循 JSF ajax 响应上的 302 重定向.客户端最终得到一个完全被忽略的 ajax 响应.
I think that your concrete problem is caused that you're performing navigaiton by ajax links instead of normal links. You can't send a redirect on an ajax response this way. Neither the JSF ajax engine nor the webbrowser follows 302 redirects on JSF ajax responses. The client ends up with an ajax response which is totally ignored.
相反,您应该发送一个特殊的 XML 响应,指示 JSF ajax 引擎发送重定向.这正是在 JSF 上下文中发送的 XML 响应 ExternalContext#redirect() 用于 ajax 请求.
Instead, you should be sending a special XML response which instructs the JSF ajax engine to send a redirect. It's exactly that XML response as is been sent when inside the JSF context the ExternalContext#redirect() is been used during an ajax request.
<?xml version="1.0" encoding="UTF-8"?>
<partial-response>
<redirect url="/contextpath/login/login.xhtml"></redirect>
</partial-response>
在 servlet 过滤器中,您应该首先检查请求是否涉及 JSF ajax 请求,如果是,则返回上述 XML 响应,否则只需按照通常的方式调用 HttpServletResponse#sendRedirect().您可以通过检查 Faces-Request 请求标头是否存在并且等于 partial/ajax 来做到这一点.
Inside the servlet filter, you should thus first check if the request concerns a JSF ajax request and if so, then return the above XML response, otherwise just invoke HttpServletResponse#sendRedirect() the usual way. You can do that by checking if the Faces-Request request header is present and equals to partial/ajax.
if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
// It's a JSF ajax request.
}
所以,总而言之,您的 doFilter() 现在应该是这样的:
So, all with all, your doFilter() should look now like this:
String loginURL = req.getContextPath() + "/login/login.xhtml";
if (!authenticated && !req.getRequestURI().equals(loginURL)) {
if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
res.setContentType("text/xml");
res.getWriter()
.append("<?xml version="1.0" encoding="UTF-8"?>")
.printf("<partial-response><redirect url="%s"></redirect></partial-response>", loginURL);
} else {
res.sendRedirect(loginURL);
}
} else {
chain.doFilter(request, response);
}
这篇关于JSF 过滤器在初始重定向后不重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
